Closed mangoplane closed 1 year ago
It's using browser's https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues which is considered cryptographically secure.
Also, is there any chance we can provide a source of entropy, say from hardware or random.org
You can do whatever you want, but to me using random.org
seems like a terrible idea.
Best thing to do is to verify the entropy randomness by yourself.
Thanks for your suggestions and comments. I will look more into CS PRNG, and the particular variant that W3C (the standard I believe the browser is following) requires for the Crypto Web API. All the best.
Adjusted the documentation.
Yes, it requires crypto web api, because you can't emulate the CSPRNG in browser. It requires access to hardware entropy, which crypto.getRandomValues provides.
What's your platform?
Hi Paul,
Great work. Just wondering how secure the random number generator used for seeding keygen. Any chance you could elaborate on that in your documentation? Also, is there any chance we can provide a source of entropy, say from hardware or random.org?
Kind regards.