while we do start the collection of randomness even before initializing our logic, raising the 'paranoia' parameter to 10 ensures that in legacy browsers not yet supporting the webcrypto API we would get an exception, instead of a weak key

js/privatebin.js

@@ -640,7 +640,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
          */
         me.getSymmetricKey = function()
         {
-            return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0);
+            return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0);
         };
 
         return me;