Re: Request for feedback: DOMCrypt API proposal - random number generation

[Yaron Sheffer]

Hi, I support this proposal, I think it will make application developers' lives much easier. However, I would like to propose one additional feature: a cryptographically secure random number generator (CSRNG). This is a badly missed feature today. [And just as I'm posting, I now see that Rich Tibbett beat me to this idea.] Specifically I would propose (and I know the details can be debated forever): random(): returns a cryptographically-strong 32-bit random integer. setRandom(r): mixes a user-supplied random integer r into the RNG internal state. While you can always grab crypto code from somewhere if you need AES or RSA in your app, there is simply no secure alternative to accessing the platform's RNG if you need random material to generate keys. So this is an essential building block for any app-level cryptography. Thanks,     Yaron