Fortunately, these APIs are quite simple (e.g., the implementation in WebKit is a whole four lines of code) and having more than one way to access good randomness isn't terribly costly. Even if strong randomness is a future aspiration for ECMAScript, crypto.getRandomValues provides benefits today at low cost and is probably still worth doing.
Adam On Sun, Feb 13, 2011 at 8:26 PM, Brendan Eich <[email protected]> wrote: > Yes, we aspire to standardize a good RBG as an "upgrade" to Math.random -- > obviously a new name would be needed, but with docs and evangelization we > would hope to steer people away from that old p.o.s. I copied from Java in > 1995 (quote unquote). > > See http://wiki.ecmascript.org/doku.php?id=strawman:random-er for the > mostly-aspirational page. As Boris says, this is a core language strawman > proposal, not something we want browser-only (think http://nodejs.org/). > > /be > > > On Feb 13, 2011, at 6:37 PM, Boris Zbarsky wrote: > >> On 2/13/11 8:22 PM, Adam Barth wrote: >>> It seems likely that window.crypto will continue to grow more quality >>> cryptographic APIs, not all of which will be appropriate at the >>> ECMAScript level. >> >> Sure; the question is whether this _particular_ API would be more >> appropriate at the language level. Or more to the point, if the language >> plans to grow it anyway, do we need two APIs for it? >> >> It's worth at least checking with the ES folks whether they plan to add a >> API like this (something that fills in an array of bytes with >> cryptographically strong random values) in any sort of short-term timeframe. >> >> -Boris >> _______________________________________________ >> es-discuss mailing list >> [email protected] >> https://mail.mozilla.org/listinfo/es-discuss > > _______________________________________________ > es-discuss mailing list > [email protected] > https://mail.mozilla.org/listinfo/es-discuss >
