Re: random numbers API from Joshua Bell on 2012-11-16 (public-webapps@w3.org from October to December 2012)

From: Joshua Bell <jsbell@chromium.org>
Date: Fri, 16 Nov 2012 10:38:43 -0800
To: Florian Bösch <pyalot@gmail.com>
Cc: David Bruant <bruant.d@gmail.com>, Frederick.Hirsch@nokia.com, Webapps WG <public-webapps@w3.org>
Message-ID: <CAD649j4pfCQhCO2bcmAQaxdCy+K=aTWdFZmwhvqvEfcZ8rH3GQ@mail.gmail.com>

On Fri, Nov 16, 2012 at 9:20 AM, Florian Bösch <pyalot@gmail.com> wrote:

> I'll see that I can come up with a test suite that verifies statistical
> and runtime behavior of an array of algorithms implemented in JS, it'll
> probably take a while.
>
>
Thank you!

As a side benefit, having a library of tested PRNGs implemented in JS with
a "good" license would be quite handy.



>
> On Fri, Nov 16, 2012 at 6:02 PM, David Bruant <bruant.d@gmail.com> wrote:
>
>>  Le 16/11/2012 17:35, Florian Bösch a écrit :
>>
>> On Fri, Nov 16, 2012 at 5:20 PM, David Bruant <bruant.d@gmail.com> wrote:
>>
>>>  That'd be a nonsense to add seeding in my opinion. If you want
>>> security, you don't want to take the risk of people seeding and loose all
>>> security property. If it's for debugging purposes, the seeding should be
>>> part of a devtool, not of the web-facing API.
>>>
>> I agree that in the crypographic context seeding might not make sense (or
>> even guarantees about repeatability).
>>
>>  The purpose of the proposal of a fast, reliable, statistically sound,
>> repeatable, seedable PRNG in JS however is not to do cryptography. It would
>> be to be able to perform procedural computation repeatably regardless of
>> machine, VM, optimization and vendor differences. An example: Say you
>> wanted to do a procedural universe consisting of 1 million stars. At 3
>> cartesian coordinates per star and at each component having 8 bytes, you'd
>> get 22MB of data. If you want to share this galaxy with anybody you'll have
>> to pass them this 22mb blob. If you want multiple people in the same
>> galaxy, you have to pass them that blob.
>>
>> If you want repeatable, you actually don't want random (as your title
>> suggests) but PRNG very specifically ("pseudo" being themost important
>> part). In that case, I feel writing your own PRNG will be almost as fast as
>> a native one with nowadays crazy JIT. Just write an algorithm that you're
>> satisfied and pass around the algo and any parametrization you want. I feel
>> it would solve your use case.
>>
>>
>>  It takes about 0.7 seconds in C to generate 3 million statistically
>> sound random numbers for longs.
>>
>> Do you have measurements of how much the same algo takes in JS?
>>
>> David
>>
>
>

Received on Friday, 16 November 2012 18:39:11 UTC