On 5 Feb 2011, at 16:37, Boris Zbarsky wrote: > The question is, do people want cryptographically secure random numbers for > crypto, or something else? As you say, we need to understand the use cases.
If you want to use them for crypto - you need to have a very clear contract. Otherwise they are may well be very usable - but not for crypto. I.e. be very clear if you desire to follow the recommendation in something like FIPS P 800-90* or passes the various tests in FIPS SP 800-22 (or some other recognised equivalent). As IMHO 'Then and only then' can one use it for crypto without worry. As otherwise it is just strong randomness. Thanks, Dw *: http://csrc.nist.gov/publications/PubsSPs.html
