Closed Bug 354840 Opened 18 years ago Closed 12 years ago

Give web pages a way to obtain high-quality random numbers (e.g. for crypto key or password generation)

Categories

(Core :: JavaScript Engine, enhancement)

PowerPC
macOS
enhancement
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 440046

People

(Reporter: jruderman, Unassigned)

References

Details

There are some sites that use JavaScript to generate passwords, etc.  I bet they would be happy if they could use high-quality random numbers instead of the easily attacked Math.random().

(One site, http://www.fourmilab.ch/javascrypt/, has its own entropy collector.  But I'd think the page usually isn't loaded long enough to get a decent amount of entropy from mouse movements...)
No.  Mersenne Twister is a pseudo-random number generator, not a source of high-quality random bits.  It's not even especially strong against attacks that try to determine the PRNG's state by looking at its output.
(In reply to comment #0)
> There are some sites that use JavaScript to generate passwords, etc.  I bet
> they would be happy if they could use high-quality random numbers instead of
> the easily attacked Math.random().

window.crypto.random() is intended for this purpose. Marking this bug as dependent on 440046.
Depends on: 440046
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.