[whatwg] Cryptographically strong random numbers

On Sat, Feb 5, 2011 at 11:07 PM, Cedric Vivier <cedricv at neonux.com> wrote:

> read(FD("/dev/random"), PTR(arraybufferview->data),
> arraybufferview->byteLength)
>

More accurately, /dev/urandom, since this is a synchronous API that
shouldn't block.  This should be made explicit if this gets specced.

I thought about suggesting a /dev/random-like interface earlier--one which
reads from a real, blocking entropy source (like /dev/random) with an async
API.  However, on examination /dev/urandom is apparently good enough even
for ssh-keygen, so I'm guessing that's unnecessary.  (It could also cause
other problems, eg. allowing webpages to flush a user's kernel's entropy
buffer and causing separate pages to compete for entropy data.)

-- 
Glenn Maynard

Received on Saturday, 5 February 2011 20:21:43 UTC