PRNG - currently available solutions aren't addressing many use cases

Raymond Toy toy.raymond at gmail.com
Sat Dec 5 18:37:36 UTC 2015


On Tue, Dec 1, 2015 at 1:45 PM, David Bruant <bruant.d at gmail.com> wrote:

> Le 01/12/2015 20:20, Michał Wadas a écrit :
>
>>
>> As we all know, JavaScript as language lacks builtin randomness related
>> utilities.
>> All we have is Math.random() and environment provided RNG - window.crypto
>> in browser and crypto module in NodeJS.
>> Sadly, these APIs have serious disadvantages for many applications:
>>
>> Math.random
>> - implementation dependant
>> - not seedable
>> - unknown entropy
>> - unknown cycle
>> (...)
>>
>> I'm surprised by the level of control you describe (knowing the cycle,
> seeding, etc.). If you have all of this, then, your PRNG is just a
> deterministic function. Why generating numbers which "look" random if you
> want to control how they're generated?
>

​So I can reproduce a simulation exactly to figure out why it's not
working.  Well, only being able to seed is really required for this.
​


>
> window.crypto
>> - not widely known
>>
> This is most certainly not a good reason to introduce a new API.
>
> As we can see, all these either unreliable or designed mainly for
>> cryptography.
>>
>> That's we need easy to use, seedable random generator
>>
>> Can you provide use cases the current options you listed make impossible
> or particularly hard?
>
>
> Why shouldn't it be provided by library?
>>
>> - average developer can't and don't want to find and verify quality of
>> library - "cryptography is hard" and math is hard too
>>
>> A library or a browser implementation would both need to be "validated"
> by a test suite verifying some statistical properties. My point is that
> it's the same amount of work to validate the "quality" of the
> implementation.
>
> - library size limits it usability on Web
>>
>> How big would the library be?
> How much unreasonable would it be compared to other libraries for other
> use cases?
> I'm not an expert on the topic, but of the few things I know, it's hard to
> imagine a PRNG function would be more than 10k
>
> - no standard interface for PRNG - library can't be replaced as drop-in
>> replacement
>>
>> We've seen in the past that good libraries become de-facto standard (at
> the library level, not the platform level) and candidate to being shimmed
> when the library is useful and there is motivation for a drop-in
> replacement (jQuery > Zepto, underscore > lodash). This can happen.
> We've also seen ES Promises respect the Promise A+ spec or close enough if
> they don't (I'm not very familiar with the details).
>
> David
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>



-- 
Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20151205/499c4f6a/attachment.html>


More information about the es-discuss mailing list