> So, in fact, the W3C is not telling us what algorithms to use at all. [so they'll all pick bottom-of-the-barrel-algos, which] in the hands of amateurs are akin to handling plutonium.<p>It isn't up to the browser to stop people shooting themselves in the foot, "Why is your web app's download verifier so slow?" "Oh because some person's blog demanded that only cryptographic functions he liked should be allowed, so I had to use a javascript-based one instead" sounds like a pain in the ass, but totally possible (mega, mediafire, etc), hypothetical<p>And browsers at this point in time are getting far better at making an approximate "standard" for these kinds of things<p>> However, this approach just doesn’t work in a browser, as illustrated by the MEGApwn utility<p>Yes, this approach doesn't work in a system where you can't generate a number on the other side of the sandbox. Hence, we should not try to make a system that would allow putting/creating a number on the other side of the sandbox? That logic is a bit daft, isn't it?