Crypto.getRandomValues()

The Crypto.getRandomValues() method lets you get cryptographically strong random values. The array given as the parameter is filled with random numbers (random in its cryptographic meaning).

To guarantee enough performance, implementations are not using a truly random number generator, but they are using a pseudo-random number generator seeded with a value with enough entropy. The PRNG used differs from one implementation to the other but is suitable for cryptographic usages. Implementations are also required to use a seed with enough entropy, like a system-level entropy source.

Syntax

cryptoObj.getRandomValues(typedArray);

Parameters

typedArray

Is an integer-based TypedArray, that is an Int8Array, a Uint8Array, an Int16Array, a Uint16Array, an Int32Array, or a Uint32Array. All elements in the array are going to be overwritten with random numbers.

Return value

The input array. Note that typedArray is modified in-place, and no copy is made.

Exceptions

• A QuotaExceededError DOMException is thrown if the requested length is greater than 65536 bytes.

Examples

/* Assuming that window.crypto.getRandomValues is available */

var array = new Uint32Array(10);
window.crypto.getRandomValues(array);

console.log("Your lucky numbers:");
for (var i = 0; i < array.length; i++) {
  console.log(array[i]);
}

For a more secure implementation of Math.random, you could try this:

// Auto-upgrade Math.random with a more secure implementation only if crypto is available
(function() {
  var rng = window.crypto || window.msCrypto;
  if (rng === undefined)
    return;

  Math.random = function() {
    return rng.getRandomValues(new Uint32Array(1))[0] / 4294967296;
  };
})();

Specification

Browser compatibility

See also

• Window.crypto to get a Crypto object.
• Math.random, a non-cryptographic source of random numbers.