should we better define rules more distinct than "best effort" for randomness #34

Open
bcoe opened this issue Oct 29, 2019 · 1 comment

Comments

@bcoe
Collaborator

bcoe commented Oct 29, 2019

The W3C Web Crypto recommendation suggests, with regard to generating randomness, that:

This specification provides no lower-bound on the information theoretic entropy present in cryptographically random values, but implementations should make a best effort to provide as much entropy as practicable.

Talking with some folks I work with about this specification, they thought that it might be worth having the goal of defining a few more concrete rules for what represents "best effort" ... perhaps we could come up with a few guidelines that aren't controversial.

As of right now, we've borrowed the W3C wording in #33, but it might be worth revisiting with the goal described above.

@broofa
Collaborator

broofa commented Oct 30, 2019

Doesn't the term "cryptographically secure" already set a well-defined bar for what is expected? I'm at a bit of a loss for what we could add here that would be helpful in practice.

Delete that note altogether to avoid confusion?
