Question
What is the state of today's web browsers (Chrome, IE, Safari & Firefox) and their ability to create cryptographically strong UUIDs? In researching this question I have been unable to find anything definitive. I have come across info on stackoverflow and elsewhere that points to issues with Math.random but I would like to know what the current state of all this is.
UPDATE
As icktoofay pointed out, crypto.getRandomValues is the way to do this. Unfortunately, support across browsers is limited. Is there a proven way to work around this? Are there any javascript libraries that tackle this problem?
Solution
In browsers that have it, you can use crypto.getRandomValues to get cryptographically-secure pseudorandom values. For example:
https://stackoverflow.com/questions/21213018
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianvar array = new Uint8Array(16);
crypto.getRandomValues(array);
You can then manipulate those bytes into a valid UUID.
OTHER TIPS
Although this doesn't directly answer the original question, it might help someone looking for a library to help with UUID creation. For my current needs I have decided to use the node-uuid library. From the feature list:
Looking at the source it seems to accomplish this by using crypto.getRandomValues which is what @icktoofay suggested.
Short answer, No! Long answer, http://www.matasano.com/articles/javascript-cryptography/
Trust me, I researched into this issue for a while. Crypto is experimental, and thus for the majority of browsers, it is a no. Node might however be better since it ties directly into the OS. You will need to research that though!
