Re: random numbers API

On Fri, Nov 16, 2012 at 5:20 PM, David Bruant <bruant.d@gmail.com> wrote:

>  That'd be a nonsense to add seeding in my opinion. If you want security,
> you don't want to take the risk of people seeding and loose all security
> property. If it's for debugging purposes, the seeding should be part of a
> devtool, not of the web-facing API.
>
I agree that in the crypographic context seeding might not make sense (or
even guarantees about repeatability).

The purpose of the proposal of a fast, reliable, statistically sound,
repeatable, seedable PRNG in JS however is not to do cryptography. It would
be to be able to perform procedural computation repeatably regardless of
machine, VM, optimization and vendor differences. An example: Say you
wanted to do a procedural universe consisting of 1 million stars. At 3
cartesian coordinates per star and at each component having 8 bytes, you'd
get 22MB of data. If you want to share this galaxy with anybody you'll have
to pass them this 22mb blob. If you want multiple people in the same
galaxy, you have to pass them that blob.

It takes about 0.7 seconds in C to generate 3 million statistically sound
random numbers for longs. The seed to the galaxy is just a few bytes. So
why do we have to transfer 22mb for the web?

Received on Friday, 16 November 2012 16:36:20 UTC