W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Glenn Maynard <glenn@zewt.org>
Date: Mon, 14 Feb 2011 17:30:11 -0500
Message-ID: <AANLkTi=AO4H1-6jeUHCTamyxSBU36xKCQ1woHTAaaCH8@mail.gmail.com>
On Mon, Feb 14, 2011 at 5:08 PM, Adam Barth <w3c at adambarth.com> wrote:

> On Mon, Feb 14, 2011 at 12:49 PM, Brendan Eich <brendan at mozilla.org>
> wrote:
> > On Feb 14, 2011, at 12:26 PM, Adam Barth wrote:
> > > Ok.  I'll write up a spec later today.
> >
> > Thanks.
>
> Done: http://wiki.whatwg.org/wiki/Crypto
>
> Feedback appreciated.
>

> If insufficient cryptographically random values are available,
getRandomValues does not alter array and throws a NOT_SUPPORTED_ERR

I'm not sure if this means "if you're using /dev/random and it would block,
throw", or "if the amount of entropy in the PRNG's entropy pool is low,
throw", but they both seem hard to deal with from scripts.  There's no way
to know when to try again, and most applications wanting secure PRNGs don't
need this.  Even ssh-keygen seems to simply use /dev/urandom without
worrying about it returning low-entropy randomness.

I think it makes more sense to imply /dev/urandom's behavior: always return
data, even if the entropy pool is low.  If there's a need for randomness
with that stronger guarantee of entropy, that seems like it would want an
asynchronous API in order to wait for entropy (akin to /dev/random).

-- 
Glenn Maynard
Received on Monday, 14 February 2011 14:30:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:04 UTC