[whatwg] Cryptographically strong random numbers
brendan at mozilla.com
Tue Feb 22 15:39:07 PST 2011
On Feb 22, 2011, at 3:26 PM, Bill Frantz wrote:
> On 2/22/11 at 1:36 PM, brendan at mozilla.com (Brendan Eich) wrote:
>> However, Math.random is a source of bugs as Amit Klein has shown, and these can't all be fixed by using a better non-CS PRNG underneath Math.random and still decimating to an IEEE double in [0, 1]. The use-cases Klein explored need both a CS-PRNG and more bits, IIRC. Security experts should correct amateur-me if I'm mistaken.
> I'll see if the security expert hat fits. :-)
Browsers have, based on Amit's work, added some automatic reseeding and (before that) switched from a singleton hidden state to state-per-window/iframe.
The "API issue" as Erik put it is this: do we need an array of bytes/shorts/ints, potentially a lot of random values; or would the fractional bits of a single IEEE 64-bit double precision result be "good enough"?
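
The two API shapes in that question, sketched as an added example that is not part of the original message: a byte-array interface backed by a CS-PRNG can produce a [0, 1) double on demand, while a single double carries at most 53 random bits. It uses the Web Crypto `getRandomValues()` call; the helper names are hypothetical.

```javascript
// Added example, not from the thread. Helper names are hypothetical; the
// only platform call is Web Crypto's getRandomValues().
const cryptoApi = globalThis.crypto ?? require('node:crypto').webcrypto;

// "Array of bytes" shape: any number of CS-PRNG bytes from one function.
function randomBytes(n) {
  const out = new Uint8Array(n);
  // getRandomValues() rejects requests above 65536 bytes, so fill in chunks.
  for (let off = 0; off < n; off += 65536) {
    cryptoApi.getRandomValues(out.subarray(off, Math.min(off + 65536, n)));
  }
  return out;
}

// "Single double" shape, derived from bytes: keep 53 bits (the significand
// precision of an IEEE 754 double) and scale them into [0, 1).
function unitDoubleFromBytes(b) {
  if (b.length < 7) throw new RangeError('need at least 7 bytes');
  const hi = (b[0] & 0x1f) * 2 ** 16 + (b[1] << 8) + b[2];        // 21 bits
  const lo = b[3] * 2 ** 24 + (b[4] << 16) + (b[5] << 8) + b[6];  // 32 bits
  return (hi * 2 ** 32 + lo) / 2 ** 53;  // exact: numerator < 2^53
}

function randomUnitDouble() {
  return unitDoubleFromBytes(randomBytes(7));
}

// The reverse direction is lossy: one double yields at most 53 bits, so an
// n-bit secret needs several independent draws.
function doublesNeeded(bits) {
  return Math.ceil(bits / 53);
}

// Typical consumer of the byte-array shape: an unguessable hex token.
function randomToken(bits) {
  const bytes = randomBytes(Math.ceil(bits / 8));
  return Array.from(bytes, (v) => v.toString(16).padStart(2, '0')).join('');
}

console.log('128-bit token:', randomToken(128));
console.log('double in [0, 1):', randomUnitDouble());
console.log('doubles needed for 128 bits:', doublesNeeded(128));
```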