----- Original Message ----- From: "Rich Tibbett" <[email protected]> To: "David Dahl" <[email protected]> Cc: [email protected] Sent: Friday, June 3, 2011 6:25:15 AM Subject: Re: Request for feedback: DOMCrypt API proposal
> I wonder whether the problem is actually just one of generating sufficiently cryptographically secure PRNGs or whether there are real benefits to creating a full-blown UA-based Crypto API and the can of worms that might open. With Firefox, we are sitting on top of a well tested, tried and true set of crypto APIs written in C that can be accessed via js-ctypes - and on a worker no less. I think your average web developer needs an elegant API that is using world class crypto under the hood instead of re-building the wheel. naturally, giving JavaScript a secure PRNG would be great. There is a lot of discussion on this subject here: https://bugzilla.mozilla.org/show_bug.cgi?id=322529 Cheers, David
