Re: random numbers API from David Bruant on 2012-11-16 (public-webapps@w3.org from October to December 2012)

From: David Bruant <bruant.d@gmail.com>
Date: Fri, 16 Nov 2012 17:20:34 +0100
To: Florian Bösch <pyalot@gmail.com>
CC: Frederick.Hirsch@nokia.com, Webapps WG <public-webapps@w3.org>
Message-ID: <50A667D2.1070801@gmail.com>

Le 16/11/2012 16:30, Florian Bösch a écrit :
> On Fri, Nov 16, 2012 at 4:24 PM, <Frederick.Hirsch@nokia.com 
> <mailto:Frederick.Hirsch@nokia.com>> wrote:
>
>     The W3C Web Cryptography working group [1]  has a draft that seems
>     to include a method to generate cryptographically random values [2].
>
> It does include a random number generator. However it does not include 
> seeding and consequentially no guarantees about the algorithm and 
> repeatability.
That'd be a nonsense to add seeding in my opinion. If you want security, 
you don't want to take the risk of people seeding and loose all security 
property. If it's for debugging purposes, the seeding should be part of 
a devtool, not of the web-facing API.

David

Received on Friday, 16 November 2012 16:21:09 UTC