Node: Why not provide a function of secureRandom?

Created on 11 Dec 2017  路  3Comments  路  Source: nodejs/node

Node.js only provides strong pseudo-random data.
Why not provide a real random data?

crypto question
Source
picture rabbitooops

Most helpful comment

Define 'real random data'?

picture bnoordhuis on 11 Dec 2017
😄2

All 3 comments

Define 'real random data'?

bnoordhuis picture bnoordhuis on 11 Dec 2017
😄2

@rabbitmeow I'll try to answer this less cleverly.

In order to generate real random data you need a real random data source. There are node modules that actually do that for you true-random for example. You can also use random.org for real random numbers.

In practice for the vast majority of Node.js applications - using pseudorandom generation (like virtually every other such platform) is sufficient, secure and standard. When you call crypto.randomBytes(size[, callback]) the generated data is cryptographically secure - which is what most people care about when they say "random".

Node.js typically includes features that can't be implemented in a user-land module in order to keep the core small. Node doesn't really have any advantage on top of a user-land module here and in terms of the data source - you'd have to solve that anyway.

benjamingr picture benjamingr on 11 Dec 2017

Thank-you every much. 馃榿

rabbitooops picture rabbitooops on 12 Dec 2017
🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

fanjunzhi picture fanjunzhi  路  3Comments
danialkhansari picture danialkhansari  路  3Comments
Icemic picture Icemic  路  3Comments
srl295 picture srl295  路  3Comments
cong88 picture cong88  路  3Comments