It was pointed out in TG3 review that being seeded and being "not a shitty race-to-the-bottom fast algorithm" are somewhat orthogonal. That is, people might want the qualities of "decent random generator" without necessarily wanting predictable seeded sequences.
Today, they'd have to gather some entropy for themselves, like using a timestamp and some user-specific entropy maybe? It seems tricky. UAs already generate some starting seed for Math.random() that is presumably at least decent for distinguishing users/frames/etc.
So, suggestion is that we allow the seed to be omitted, indicating that the UA should generate a random seed for you, with some guarantee that distinct invocations generate unrelated seeds.
Edit: one concern from TG3 is that their secure subset currently poisons Math.random() (replacing it with a throwing function) to prevent cross-realm communication via sequence observation of Math.random()'s bad RNG. They'd probably have to do the same poisoning to this signature of the constructor, replacing the constructor with a version that throws on an omitted seed and otherwise delegates to the normal constructor. It's a little annoying to do so, but not unreasonable.
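The poisoning described in the edit above, as an added example that is not part of the original issue or the proposal. `SeededPRNG` is a constructed stand-in (its name and algorithm are assumptions) and `poisonOmittedSeed` is a hypothetical helper that throws on an omitted seed and otherwise delegates to the normal constructor.

```javascript
// Constructed stand-in: the name SeededPRNG and the mulberry32 step are
// assumptions for illustration, not the proposal's API.
class SeededPRNG {
  constructor(seed) {
    if (seed === undefined) {
      // Omitted seed: the "UA generates one for you" path this issue proposes.
      seed = globalThis.crypto.getRandomValues(new Uint32Array(1))[0];
    }
    this.state = seed >>> 0;
  }
  random() {
    let t = (this.state = (this.state + 0x6d2b79f5) >>> 0);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  }
}

// Hypothetical helper: returns a constructor that throws on an omitted seed
// and otherwise delegates to the original.
function poisonOmittedSeed(Ctor) {
  const wrapped = new Proxy(Ctor, {
    construct(target, args, newTarget) {
      if (args[0] === undefined) {
        throw new TypeError("unseeded construction is disabled in this realm");
      }
      // Forward newTarget so subclasses and instanceof keep working.
      return Reflect.construct(target, args, newTarget);
    },
  });
  // Without this, instance.constructor would still reach the unwrapped
  // constructor and bypass the check.
  Object.defineProperty(Ctor.prototype, "constructor", {
    value: wrapped, writable: false, configurable: false, enumerable: false,
  });
  return wrapped;
}

const HardenedPRNG = poisonOmittedSeed(SeededPRNG);
```

Seeded construction is unchanged by the wrapper, so code that passes an explicit seed sees the same sequences as before.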
I don't really share the concerns about Math.random but I think there's a lot of use cases for a PRNG with serializable state where you don't necessarily care about using a particular seed, so that sounds good to me.