javascript在各种浏览器中随机实现的可信度如何？ [英] How trustworthy is javascript's random implementation in various browsers?

问题描述

我想做一些javascript和加密的实验，我很好奇随机函数的实现有多么不可预测。有人做过任何硬测试吗？

I would like to do some experimenting with javascript and encryption and I got curious as to how unpredictable the implementation of the random function is. Has anyone done any hard tests?

显然，浏览器能够产生强随机性（对于ssl）。问题是他们是否允许javascript访问相同的强度。

Clearly browsers have the ability to generate strong randomness (for ssl). The questions is do they give javascript access to the same strength.

推荐答案

一般来说，随机函数的加密性不强，对于那个您需要确保使用加密伪随机数生成器。

Generally, the random function is not cryptographically strong, for that you need to make sure you are using a cryptographic pseudo-random-number generator.

通用随机函数通常不使用加密强生成方法，因为它们需要比简单更长的时间其中，（例如，Yarrow比Mersenne Twister更复杂）并且需要仔细管理熵池，这不是Mozilla，cstdlib等想要给你的保证。

Generic random functions generally don't use cryptographically strong generation methods because they take longer than simple ones, (eg. Yarrow is more complicated than Mersenne Twister) and require careful management of the entropy pool, which is not a guarantee that Mozilla, cstdlib, etc. want to make to you.

如果您需要访问加密强大的随机数生成器，我会考虑访问底层SSL实现（给定浏览器可能允许或不允许访问）。

If you need access to cryptographically strong random number generators, I'd look into getting access to the underlying SSL implementation (which a given browser may or may not allow access to).

这篇关于javascript在各种浏览器中随机实现的可信度如何？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！