W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Dirk-Willem van Gulik <Dirk-Willem.van.Gulik@BBC.co.uk>
Date: Sat, 5 Feb 2011 17:02:07 +0000
Message-ID: <D1168944-EB2E-4471-A436-184957918C87@BBC.co.uk>

On 5 Feb 2011, at 16:37, Boris Zbarsky wrote:

> The question is, do people want cryptographically secure random numbers for crypto, or something else?  As you say, we need to understand the use cases.

If you want to use them for crypto - you need to have a very clear contract. Otherwise they are may well be very usable - but not for crypto. 

I.e. be very clear if you desire to follow the recommendation in something like FIPS P 800-90* or passes the various tests in FIPS SP 800-22 (or some other recognised equivalent).

As IMHO 'Then and only then' can one use it for crypto without worry. As otherwise it is just strong randomness.

Thanks,

Dw

*: http://csrc.nist.gov/publications/PubsSPs.html
Received on Saturday, 5 February 2011 09:02:07 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:30 UTC