- From: Philip Gladstone <pgladsto@cisco.com>
- Date: Tue, 15 May 2012 11:29:37 -0400
- CC: public-webcrypto@w3.org
- Message-ID: <4FB27661.3000403@cisco.com>
Thanks for that pointer. Many operating systems have both /dev/random and /dev/urandom -- I suspect that we would want to expose both types of random numbers (i.e. an event interface that returns when there is sufficient entropy, and a synchronous interface for getting pseudo-random numbers). I would hope that when the hardware has a good source of random numbers (e.g. when Intel's Bull Mountain is available), then that source would be used in both cases.

Getting good sources of entropy is hard, and this is especially important when generating keying material (recall the issues with duplicate primes in SSL certificates from earlier this year).

Philip

On 5/15/2012 11:01 AM, Nadim wrote:
> Also, very relevant is window.crypto.getRandomValues:
> http://wiki.whatwg.org/wiki/Crypto
>
> NK
>
> On Tuesday, 15 May, 2012 at 10:59 AM, Nadim wrote:
>
>> If we implement AES and SHA-2, we can use these as building blocks
>> for a Fortuna RNG (spec. Bruce Schneier, Niels Ferguson.) I've
>> already implemented Fortuna in JS and it's definitely feasible.
>>
>> NK
>>
>> On Tuesday, 15 May, 2012 at 10:52 AM, Philip Gladstone wrote:
>>
>>> I believe that the crypto API should have a method for generating
>>> cryptographically secure random numbers. This is non-trivial to get
>>> right, but there is hardware support in some new chips for
>>> generating high quality random numbers. A uniform random number
>>> interface can abstract the platform differences and provide a
>>> uniform interface.
>>>
>>> Philip
>>> --
>>> Philip Gladstone
>>> Distinguished Engineer
>>> Product Development
>>> pgladstone@cisco.com
>>> Phone: +1 978-ZEN-TOAD (+1 978 936 8623)
>>> Google: +1 978 800 1010
>>> Ham radio: N1DQ
>>
>

--
Philip Gladstone
Distinguished Engineer
Product Development
pgladstone@cisco.com
Phone: +1 978-ZEN-TOAD (+1 978 936 8623)
Google: +1 978 800 1010
Ham radio: N1DQ
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 15 May 2012 15:30:14 UTC