Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use better methods for generating entropy #6

Merged
merged 3 commits into from
Aug 22, 2013
Merged

Use better methods for generating entropy #6

merged 3 commits into from
Aug 22, 2013

Commits on Aug 20, 2013

  1. Use crypto.getRandomValues for RNG if available

    window.crypto.random is really old and depreciated.  Should use
    crypto.getRandomValues instead.  If we are able to generate entropy from
    crypto.getRandomValues, we should not add entropy from Math.random, as
    it may be unreliable.
    ctso committed Aug 20, 2013
    Configuration menu
    Copy the full SHA
    a9c9926 View commit details
    Browse the repository at this point in the history
  2. Use better entropy generation methods

    Using time to generate entropy is not optimal, as time is predictible
    and not random.  This change prefers crypto.getRandomValues, falls back
    to using mouse movement, and ultimately if enough entropy is not
    generated by the time we need a key, it will fall back to Math.random.
    ctso committed Aug 20, 2013
    Configuration menu
    Copy the full SHA
    2cdd2f7 View commit details
    Browse the repository at this point in the history
  3. Initialize Uint32Array before getRandomValues

    This seems to cause PhantomJS to fail, as getRandomValues does not
    return the array.
    ctso committed Aug 20, 2013
    Configuration menu
    Copy the full SHA
    c3be58a View commit details
    Browse the repository at this point in the history