PRNG - currently available solutions aren't addressing many use cases

Michał Wadas michalwadas at
Tue Dec 1 19:20:34 UTC 2015

As we all know, JavaScript as language lacks builtin randomness related
All we have is Math.random() and environment provided RNG - window.crypto
in browser and crypto module in NodeJS.
Sadly, these APIs have serious disadvantages for many applications:

- implementation dependant
- not seedable
- unknown entropy
- unknown cycle
- returns float
+ portable

- not widely known
- not portable
- not seedable
- low level interface requiring passing typed array
- allow to get maximally 65k values at once
+ cryptographically secure
+ allow any type of generated numbers

- not portable
- asynchronous
- low level interface
- returns series of uint8
- not seedable
+ cryptographically secure
+ asynchronous (can be advantage or disadvantage, depending on use case)

As we can see, all these either unreliable or designed mainly for

That's we need easy to use, seedable random generator.

Why shouldn't it be provided by library?
- average developer can't and don't want to find and verify quality of
library - "cryptography is hard" and math is hard too
- library size limits it usability on Web
- no standard interface for PRNG - library can't be replaced as drop-in

Specification should probably include:
- seedable random generator instance (new RamdomGenerator(algorithm, seed))
with methods random(), ramdomInteger(min, max), fillWithRamdom(typedArray)
- seedable sequence (infinite iterator)
- promise-based solution for asynchronous tasks

Questions, ideas:
- should we provide Array.prototype.shuffle?
- should be internal state of generator exposed? Should it be read-only?
- how many algorithms should be obligatory?
- should we have methods like randomFloat32 corresponding to typed arrays?
- GPU accelerated PRNG as optional extension?
- UUIDs built in standard library?

Have I missed some use cases or restrictions?

Michał Wadas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list