[whatwg] Cryptographically strong random numbers

Bill Frantz frantz at pwpconsult.com
Tue Feb 22 16:18:00 PST 2011

On 2/22/11 at 3:39 PM, brendan at mozilla.com (Brendan Eich) wrote:

>The "API issue" as Erik put it is this: do we need an array of 
>bytes/shorts/ints, potentially a lot of random values; or would 
>the fractional bits of a single IEEE 64-bit double precision 
>result be "good enough".

When doing crypto, mostly what you want is bit banging. For 
example, if you are implementing theRC4/ARC4 key schedule (From: 
<http://en.wikipedia.org/wiki/Rc4>) you are coding:

for i from 0 to 255
     S[i] := i
j := 0
for i from 0 to 255
     j := (j + S[i] + key[i mod keylength]) mod 256
     swap values of S[i] and S[j]

The AES process is similar (from: <http://en.wikipedia.org/wiki/Advanced_Encryption_Standard>):

High-level description of the algorithm
     1.  KeyExpansion—round keys are derived from the cipher key
         using Rijndael's key schedule
     2.  Initial Round
         1.  AddRoundKey—each byte of the state is combined with
             the round key using bitwise xor
     3.  Rounds
         1.  SubBytes—a non-linear substitution step where 
each byte
             is replaced with another according to a lookup table.
         2.  ShiftRows—a transposition step where each row of 
the state
             is shifted cyclically a certain number of steps.
         3.  MixColumns—a mixing operation which operates on 
the columns
             of the state, combining the four bytes in each column.
         4.  AddRoundKey
     4.  Final Round (no MixColumns)
         1.  SubBytes
         2.  ShiftRows
         3.  AddRoundKey

I always think of these operations as shifting and masking, but 
I'm really an Assembler/OS guy who likes being close to the 
hardware. :-)

Other uses will be packaging it into network messages, as in 
SSL/TLS key generation.

Are there other, non-crypto uses for secure random numbers?

The question for the Javascript experts is, what form will make 
implementing this kind of code easiest?

Cheers - Bill

Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 
Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, 
CA 95032

More information about the es-discuss mailing list