- From: Tom Mitchell <mitch@niftyegg.com>
- Date: Fri, 4 Feb 2011 21:41:27 -0800
On Fri, Feb 4, 2011 at 9:00 PM, Cedric Vivier <cedricv at neonux.com> wrote: > Hi, > > On Sat, Feb 5, 2011 at 08:42, Adam Barth <w3c at adambarth.com> wrote: >> interface Crypto { >> ?Float32Array getRandomFloat32Array(in long length); >> ?Uint8Array getRandomUint8Array(in long length); >> }; > > I think the API would be more flexible and more future-proof Future proof -- that is defined as : > > interface Crypto { > void getRandomValues(in ArrayBufferView data); > } > > getRandomValues(in ArrayBufferView data) > Fills a typed array with a cryptographically strong sequence of random values. > The length of the array determines how many cryptographically strong > random values are produced. > > > We had same discussion when defining readPixels API in WebGL. > > Advantages : > 1) this allows to reuse the same array over and over when necessary, > or circular buffer, instead of trashing the GC with new allocations > everytime one wants new random bytes. > 2) this allows to fill any integer array directly (Float*Array might > need more specification here though as Boris pointed out - could be > disallowed initially) > 3) this avoids exposing N methods for every type and makes refactoring > simpler (changing the array type does not require changing the > function call) > > (and also better matches most existing crypto APIs in other languages > that are also given an array to fill rather than returning an array) > > > Regards, > Future proof is hard. Seed management is critical and different tools apply better or worse depending on the statistics of the values being requested. There is some reading worth looking at on the LavaRand site. http://lavarand.com/ Any implementation for Strong random or pseudo random numbers should permit hardware assist. Another option is that a site might supply its own numbers or seeds with a browser script or php or other tool. Another option is to fetch an array from "localhost://bin/randint16" A good generator is hard to code.... An interface that permits improvements and connections near or far to hardware assist is a good thing. -- ? ? ? ? ? ? ? ? ? ? ? T o m?? M i t c h e l l ? ? ? ? ? ? ? ? ? ? mitch-at-niftyegg-dot-com "My lifetime goal is to be the kind of person my dogs think I am."
Received on Friday, 4 February 2011 21:41:27 UTC