tc39 / proposal-uuid

UUID proposal for ECMAScript (Stage 1)
463 stars 7 forks source link

Separate proposal for CSPRNG "source of truth" #37

Open rbuckton opened 4 years ago

rbuckton commented 4 years ago

This was brought up at TC39, with respect to whether random UUIDs should be based on a separate API that would provide a single "source of truth" for generating cryptographically-secure pseudo-random numbers similar to crypto.getRandomValues. This had to do primarily with @erights's concerns about mocking an API.

The main issue with possibly subsuming crypto.getRandomValues from the Web API is the dependence on DOMException-derived errors, and that changing those cases to TypeErrors and RangeErrors could go against "web reality" where people may be filtering exceptions using instanceof.

I put together an outline for a proposal to adopt the semantics of crypto.getRandomValues under a different name, and wanted to spark further discussion here before considering whether to make it a full-blown proposal: https://gist.github.com/rbuckton/0777210dc3086e1a90375354b045a3a7

The idea being to add an ArrayBuffer.fillRandom(view) static method that uses the same semantics as the Web Crypto APIs, except with the errors swapped. I propose making it a method on ArrayBuffer for several reasons:

bcoe commented 4 years ago

@rbuckton thanks for this great summary.

rbuckton commented 4 years ago

The proposal for this specific feature can now be found here: https://github.com/rbuckton/proposal-arraybuffer-fillrandom