On Feb 22, 2011, at 2:49 PM, Erik Corry wrote: > I can find Klein's complaints that the implementation of Math.random is > insecure but not his complaints about the API. Do you have a link?
In the paper linked from http://seclists.org/bugtraq/2010/Dec/13 section 3 ("3. The non-uniformity bug"), viz: "Due to issues with rounding when converting the 54 bit quantity to a double precision number (as explained in http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf section 2.1, x2 may not accurately represent the state bits if the whole double precision number is ≥0.5." but that link dangles, and I haven't had time to read more. The general concern about the API arises because Adam's API returns a typed array result that could have lenght > 1, i.e., not a random result that fits in at most 32 (or even 53) bits. /be