random-uuid should use a cryptographically strong PRNG if available

Question

{{random-uuid}} currently uses {{Math/random}} via {{rand-int}} to generate random numbers for v4 UUIDs. This patch aims to use a cryptographically strong PRNG (pseudo random number generator) instead, if available.

The functions used are:
{{window.crypto.getRandomValues}} in most browsers
{{window.msCrypto.getRandomValues}} in IE11
* {{Math/random}} in browsers not supporting the former or if the crypto module is not made available on Node.js

Currently not used:
* {{crypto.randomBytes}} on Node.js

Google Closure doesn't seem to provide feature detection or wrappers for the crypto-APIs, so the attached patch proposal implements a shim based on feature detection.

One open question is how the Node.js {{crypto}} module can be made available, since ClojureScripts {{core.cljs}} doesn't seem to have conditional {{require}} of Node.js-modules and maybe it should be kept this way.

Answer 1

Comment made by: mfikes

I get the following in Safari if 0008-CLJS-2386-fix-ie.patch is applied to master

cljs.user=> (random-uuid) Execution error (Error) at (<cljs repl>:1). Can only call Crypto.getRandomValues on instances of Crypto

Answer 2

Reference: https://clojure.atlassian.net/browse/CLJS-2386 (reported by abp)