Bad advice in README.md #2

Open
atoponce opened this issue Jun 3, 2024 · 0 comments

atoponce commented Jun 3, 2024

Emphasis mine:

Use this to quickly generate random numbers with good statistical properties. NOTE: This generator is not cryptographically secure. If you need a secure generator then consider ISAAC for your application: a fast, long-period generator and discrete message cipher.

When you need cryptographic security, you should not be using user space generators. Instead, you should be using the system's CSPRNG via window.crypto.getRandomValues() which is available in every modern JavaScript implementation, both client browsers and server-side frameworks. Further, ISAAC is vulnerable to known plaintext attacks (2001). Additional analysis demonstrating further weaknesses (2006).
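
The recommendation above, as an added example that is not part of the original issue or of the project's code: drawing security-sensitive values from the system CSPRNG through `crypto.getRandomValues()`, with rejection sampling so that bounded integers are not skewed by modulo bias. The helper names `secureRandomInt` and `secureToken` are hypothetical, and the `require` fallback assumes an older Node.js that does not expose the global `crypto` object.

```javascript
// Added example: values drawn from the platform CSPRNG (Web Crypto API).
// Browsers and current Node.js expose it as globalThis.crypto; the fallback
// covers older Node.js releases (assumption about the runtime).
const cryptoApi = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

// Hypothetical helper: uniform integer in [min, max], both inclusive.
function secureRandomInt(min, max) {
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max) || max < min) {
    throw new RangeError('min and max must be safe integers with min <= max');
  }
  const range = max - min + 1;
  if (range > 0x100000000) {
    throw new RangeError('range must not exceed 2^32');
  }
  // Rejection sampling: a plain `value % range` favours small results when
  // 2^32 is not a multiple of range, so draws at or above the largest
  // multiple of range are discarded and redrawn.
  const limit = 0x100000000 - (0x100000000 % range);
  const buf = new Uint32Array(1);
  do {
    cryptoApi.getRandomValues(buf);
  } while (buf[0] >= limit);
  return min + (buf[0] % range);
}

// Hypothetical helper: hex token of byteLength random bytes
// (for example a session identifier or password-reset token).
function secureToken(byteLength = 16) {
  // getRandomValues() rejects requests larger than 65536 bytes.
  if (!Number.isInteger(byteLength) || byteLength < 1 || byteLength > 65536) {
    throw new RangeError('byteLength must be an integer in 1..65536');
  }
  const bytes = new Uint8Array(byteLength);
  cryptoApi.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}
```
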
