W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Roger Hågensen <rescator@emsai.net>
Date: Sun, 06 Feb 2011 04:34:46 +0100
Message-ID: <4D4E16D6.9080801@emsai.net>
On 2011-02-05 11:10, Adam Barth wrote:
> On Fri, Feb 4, 2011 at 9:00 PM, Cedric Vivier<cedricv at neonux.com>  wrote:
>> getRandomValues(in ArrayBufferView data)
>> Fills a typed array with a cryptographically strong sequence of random values.
>> The length of the array determines how many cryptographically strong
>> random values are produced.
>>
>>
>> We had same discussion when defining readPixels API in WebGL.
>>
>> Advantages :
>> 1) this allows to reuse the same array over and over when necessary,
>> or circular buffer, instead of trashing the GC with new allocations
>> everytime one wants new random bytes.
>> 2) this allows to fill any integer array directly (Float*Array might
>> need more specification here though as Boris pointed out - could be
>> disallowed initially)
>> 3) this avoids exposing N methods for every type and makes refactoring
>> simpler (changing the array type does not require changing the
>> function call)
>>
>> (and also better matches most existing crypto APIs in other languages
>> that are also given an array to fill rather than returning an array)
> Oh, that's very cool.  Thanks.
>
> Adam

I must say I like this as well. Having used RandomData(*buffer,length) 
in PureBasic makes more sense to me (then again I like procedural 
unmanaged programming with a sprinkle of ASM and API stuff so...)

But getRandomValues(in ArrayBufferView data) seem to indicate that each 
byte (value) is random, limited to an array of 8bit data?.
Now if that is the intention then that's fine.

But wouldn't getRandomData(in ArrayBufferView data) be the ideal? As 
there could be from 8bit of random data to whatever the max size of an 
array is in steps of 8bits (and you can always mask/truncate by hand for 
exact bits)

But other than that little nitbit, filling an array/buffer instead of 
returning one? Good idea!


-- 
Roger "Rescator" H?gensen.
Freelancer - http://www.EmSai.net/
Received on Saturday, 5 February 2011 19:34:46 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:30 UTC