Bad advice in README.md

Emphasis mine:

> Use this to quickly generate random numbers with good statistical properties. NOTE: This generator is not cryptographically secure. **If you need a secure generator then consider ISAAC** for your application: a fast, long-period generator and discrete message cipher.

When you need cryptographic security, [you should not be using user space generators](https://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/). Instead, you should be using the system's CSPRNG via `window.crypto.getRandomValues()` [which is available in every modern JavaScript implementation,](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues#browser_compatibility) both client browsers and server-side frameworks. Further, [ISAAC is vulnerable to known plaintext attacks](https://eprint.iacr.org/2001/049) (2001). [Additional analysis](https://eprint.iacr.org/2006/438) demonstrating further weaknesses (2006).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bad advice in README.md #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Bad advice in README.md #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions