javascript 在各种浏览器中的随机实现有多可信? [英] How trustworthy is javascript's random implementation in various browsers?

问题描述

我想用 javascript 和加密做一些实验，我很好奇随机函数的实现是多么不可预测.有人做过硬性测试吗?

I would like to do some experimenting with javascript and encryption and I got curious as to how unpredictable the implementation of the random function is. Has anyone done any hard tests?

显然浏览器具有生成强随机性的能力(对于 ssl).问题是它们是否赋予 javascript 访问相同的强度.

Clearly browsers have the ability to generate strong randomness (for ssl). The questions is do they give javascript access to the same strength.

推荐答案

通常，随机函数在密码学上不强，因此您需要确保使用的是密码学伪随机数生成器.

Generally, the random function is not cryptographically strong, for that you need to make sure you are using a cryptographic pseudo-random-number generator.

通用随机函数通常不使用加密强生成方法，因为它们比简单的生成方法花费的时间更长(例如，Yarrow 比 Mersenne Twister 更复杂)并且需要仔细管理熵池，这并不能保证 Mozilla、cstdlib等想给你做的.

Generic random functions generally don't use cryptographically strong generation methods because they take longer than simple ones, (eg. Yarrow is more complicated than Mersenne Twister) and require careful management of the entropy pool, which is not a guarantee that Mozilla, cstdlib, etc. want to make to you.

如果您需要访问加密强随机数生成器，我会考虑访问底层 SSL 实现(给定的浏览器可能允许也可能不允许访问).

If you need access to cryptographically strong random number generators, I'd look into getting access to the underlying SSL implementation (which a given browser may or may not allow access to).

这篇关于javascript 在各种浏览器中的随机实现有多可信?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！