Re: Request for feedback: DOMCrypt API proposal - random number generation from Aryeh Gregor on 2011-06-06 (public-webapps@w3.org from April to June 2011)

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Mon, 6 Jun 2011 14:44:25 -0400
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Cc: public-webapps@w3.org
Message-ID: <BANLkTikk4YEJhsewa6rFr=CL3v-7Ef_iaw@mail.gmail.com>

On Sat, Jun 4, 2011 at 1:52 AM, Yaron Sheffer <yaronf.ietf@gmail.com> wrote:
> However, I would like to propose one additional feature: a cryptographically
> secure random number generator (CSRNG). This is a badly missed feature
> today. [And just as I'm posting, I now see that Rich Tibbett beat me to this
> idea.]
>
> Specifically I would propose (and I know the details can be debated
> forever):
>
> random(): returns a cryptographically-strong 32-bit random integer.
> setRandom(r): mixes a user-supplied random integer r into the RNG internal
> state.

This was discussed in February on whatwg:

http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-February/030241.html

I didn't reread the whole thread, but my recollection is that people
preferred an API where you'd give it an ArrayBuffer and it would fill
it with random bytes.  That way you can efficiently get large amounts
of randomness.

Received on Monday, 6 June 2011 18:45:12 UTC