W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Brendan Eich <brendan@mozilla.org>
Date: Tue, 22 Feb 2011 14:04:40 -0800
Message-ID: <AA70696F-87E8-4DEE-87FA-C0BC5B1AF0BE@mozilla.org>
On Feb 22, 2011, at 2:00 PM, Jorge wrote:

> On 22/02/2011, at 22:36, Brendan Eich wrote:
>> (...)
>> 
>> However, Math.random is a source of bugs as Amit Klein has shown, and these can't all be fixed by using a better non-CS PRNG underneath Math.random and still decimating to an IEEE double in [0, 1]. The use-cases Klein explored need both a CS-PRNG and more bits, IIRC. Security experts should correct amateur-me if I'm mistaken.
> 
> .replace( /1]/gm, '1)' ) ?

Right.

Reading more of Amit Klein's papers, the rounding to IEEE double also seems problematic. Again, I'm not the crypto-droid you are looking for.

/be
Received on Tuesday, 22 February 2011 14:04:40 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:31 UTC