W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2012

Re: random numbers API

From: David Bruant <bruant.d@gmail.com>
Date: Fri, 16 Nov 2012 17:20:34 +0100
Message-ID: <50A667D2.1070801@gmail.com>
To: Florian Bösch <pyalot@gmail.com>
CC: Frederick.Hirsch@nokia.com, Webapps WG <public-webapps@w3.org>
Le 16/11/2012 16:30, Florian Bösch a écrit :
> On Fri, Nov 16, 2012 at 4:24 PM, <Frederick.Hirsch@nokia.com 
> <mailto:Frederick.Hirsch@nokia.com>> wrote:
>
>     The W3C Web Cryptography working group [1]  has a draft that seems
>     to include a method to generate cryptographically random values [2].
>
> It does include a random number generator. However it does not include 
> seeding and consequentially no guarantees about the algorithm and 
> repeatability.
That'd be a nonsense to add seeding in my opinion. If you want security, 
you don't want to take the risk of people seeding and loose all security 
property. If it's for debugging purposes, the seeding should be part of 
a devtool, not of the web-facing API.

David
Received on Friday, 16 November 2012 16:21:09 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:56 GMT