W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2011

[whatwg] Cryptographically strong random numbers

From: Brendan Eich <brendan@mozilla.org>
Date: Tue, 22 Feb 2011 21:32:25 -0800
Message-ID: <BC8CB172-CA35-4F09-9589-64A636281515@mozilla.org>
On Feb 22, 2011, at 3:45 PM, Erik Corry wrote:
> Thanks for the link. Having read the section in question I am satisfied that the author has no problem with the API.
> 
In theory, sure. Bits are bits.

The practical issue is usability, where less usable interfaces tend to breed more bugs, as I argued was a hazard of the proposal to return a plain old Array containing uint16 values as elements. Glenn Maynard's point about more to go wrong with IEEE double seems to be validated by the IE9 preview release Math.random bugs that Amit Klein found. From the crypto-hacker point of view, anything that makes it harder to get random uint{8,16,32} values than necessary seems that much less good.

If we have only the number type for the result, then Math.random is the API template to match. Given typed arrays / binary data, Adam's API looks more usable, even counting the cost of differing from Math.random in its API signature.

/be


> On Feb 23, 2011 12:34 AM, "Brendan Eich" <brendan at mozilla.org> wrote:
> > On Feb 22, 2011, at 2:49 PM, Erik Corry wrote:
> >> I can find Klein's complaints that the implementation of Math.random is insecure but not his complaints about the API. Do you have a link?
> > 
> > In the paper linked from http://seclists.org/bugtraq/2010/Dec/13 section 3 ("3. The non-uniformity bug"), viz:
> > 
> > "Due to issues with rounding when converting the 54 bit quantity to a double precision number (as explained in http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf section 2.1, x2 may not accurately represent the state bits if the whole double precision number is ≥0.5."
> > 
> > but that link dangles, and I haven't had time to read more.
> > 
> > The general concern about the API arises because Adam's API returns a typed array result that could have length > 1, i.e., not a random result that fits in at most 32 (or even 53) bits.
> > 
> > /be
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
Received on Tuesday, 22 February 2011 21:32:25 UTC
