tc39 / proposal-built-in-modules

BSD 2-Clause "Simplified" License

Better randomness #24

Closed StoneCypher closed 5 years ago

StoneCypher commented 5 years ago

Poorly defined random implementations have famously been a problem several times. End developers frequently implement things that should be implemented natively with access to things the JSVM is blind to, like system entropy.

I think we should have:

  1. A random number system that allows us to select the implementation
  2. A small defined minimum list of implementations to be offered by a compliant machine, including
    1. At least one seedable small fast hyperfast impl, like xorshift
    2. At least one fast cryptographic stream generator, like Twofish in counter mode
    3. A statistically strong non-cryptographic, like PCG
  3. An introspection so that vendors can do whatever wacky thing they want under a new name
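
Added example, not part of the thread or of any proposal text: a JavaScript sketch of the difference between the first two kinds of generator in the list above, a seedable xorshift and a generator backed by system entropy. The function names are hypothetical, and the entropy-backed one assumes the runtime exposes Web Crypto as `globalThis.crypto`.

```javascript
// Added illustration; xorshift32, continuesFrom and secureToken are hypothetical names.

// Seedable, fast, non-cryptographic: Marsaglia's xorshift32 (shifts 13, 17, 5).
function xorshift32(seed) {
  let s = seed >>> 0;
  if (s === 0) throw new RangeError("xorshift32 seed must be non-zero");
  return function next() {
    s ^= s << 13;
    s ^= s >>> 17;
    s ^= s << 5;
    s >>>= 0; // keep the state as an unsigned 32-bit integer
    return s;
  };
}

// Each output IS the full 32-bit state, so a generator seeded with one
// observed output continues the original stream exactly. This is why a
// seedable generator suits reproducible simulations but not secrets.
function continuesFrom(seed, skip, count) {
  const original = xorshift32(seed);
  let last = 0;
  for (let i = 0; i < skip; i++) last = original(); // skip must be >= 1
  const clone = xorshift32(last);
  for (let i = 0; i < count; i++) {
    if (original() !== clone()) return false;
  }
  return true;
}

// Values that must be unguessable (tokens, keys, nonces) come from the
// platform CSPRNG, which draws on system entropy the script cannot see.
function secureToken(byteLength) {
  const webcrypto = globalThis.crypto; // assumption: Web Crypto is exposed globally
  if (!webcrypto || typeof webcrypto.getRandomValues !== "function") {
    throw new Error("Web Crypto getRandomValues is not available in this runtime");
  }
  const bytes = webcrypto.getRandomValues(new Uint8Array(byteLength));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Same seed, same sequence: the property the seeded use case relies on.
const a = xorshift32(2024), b = xorshift32(2024);
console.log([a(), a(), a()], [b(), b(), b()]);
console.log("stream continues from one observed output:", continuesFrom(2024, 5, 100));
```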

littledan commented 5 years ago

@StoneCypher What would you think of pursuing this feature request within WebCrypto, which includes both cryptographically secure random numbers, and choose-able algorithms (but not together)? From there, maybe we can consider implementing WebCrypto in other environments like Node.js.

tabatkins commented 5 years ago

I've been lazy about advancing it, but https://github.com/tc39/proposal-seeded-random is at Stage 1, for the seeded random use-case.

StoneCypher commented 5 years ago

@littledan - whereas I see the need in WebCrypto's case, I also see the need in cases that have nothing to do with WebCrypto, which plausibly wouldn't even support WebCrypto

I believe the need to be more fundamental

StoneCypher commented 5 years ago

@tabatkins - Respectfully, I feel that that doesn't actually fulfill the need.

I'm a big user of your work. It's a little scary to disagree with you. 😄

tabatkins commented 5 years ago

👍 Good point, not a problem. ^_^

littledan commented 5 years ago

@StoneCypher How does this differ from the other things in SubtleCrypto?

StoneCypher commented 5 years ago

  1. Because it's not a crypto topic

littledan commented 5 years ago

Let's follow up on feature idea brainstorming in #16.

StoneCypher commented 5 years ago

I really wish you'd stop closing my tickets, dan

leobalter commented 5 years ago

@StoneCypher I'd like to ask you to moderate your tone immediately.

Daniel is the one responsible to manage the issues in this project and he showed you this some should be discussed along another issue. I'd like you to understand this - as any OSS project - is based on respect for the sake of shared work. Force pushing comments everywhere will not get your ideas anywhere.

littledan commented 5 years ago

Thanks for your help, Leo.

> Daniel is the one responsible to manage the issues in this project

Just to clarify, I'm not a champion of this proposal, but I attracted a lot of attention to it through Twitter, so I feel some responsibility in keeping the issue threads productive.