W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Cedric Vivier <cedricv@neonux.com>
Date: Sat, 12 Feb 2011 02:00:15 +0800
Message-ID: <AANLkTi=VyYD0spmi9+4tLScPH94uqRzZDeuRAJ+P4H_V@mail.gmail.com>
On Fri, Feb 11, 2011 at 19:38, Adam Barth <w3c at adambarth.com> wrote:
> Just to followup on this thread, I've landed this feature in WebKit.
> I'm not sure whether it made it into tonight's nightly, but it should
> be in a nightly shortly.


> interface Crypto {
> ?void getRandomValues(in ArrayBufferView array) raises(DOMException);
> };
> If the ArrayBufferView isn't a Uint8Array , getRandomValues throws
> an exception (VALIDATION_ERR

Is there a specific reason for this limitation?
Imho it should throw only for Float32Array and Float64Array since
unbounded random floating numbers does not really make sense
(including because of NaN and +inf -inf).
However some use cases might prefer signed Int8Array or any other
integer type and it doesn't change anything to the implementation :
filling bytes to the ArrayBufferView's underlying ArrayBuffer).

Like for instance you can do below in C to get random 32-bit numbers
directly (though 'read' might very well get them one byte at a time
from /dev/random) :
int32_t random_32bit_integers[32];
read(dev_random_fd, random_32bit_integers, sizeof(random_32bit_integers))

Received on Friday, 11 February 2011 10:00:15 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:04 UTC