The cookie authorization random number generator is just the native one in javascript. This isn't cryptographically secure. We also need to put some thought into getting some sort of information server-side that is actually random for the seed value. I know gpg uses some sort of hardware entropy, but it's really slow.
The cookie authorization random number generator is just the native one in javascript. This isn't cryptographically secure. We also need to put some thought into getting some sort of information server-side that is actually random for the seed value. I know gpg uses some sort of hardware entropy, but it's really slow.