How random is crypto#randomBytes?

by

How random is crypto.randomBytes()? Usually, random enough for whatever purpose you need.

crypto.randomBytes() generates cryptographically secure random data:

crypto.randomBytes(size[, callback])

Generates cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate.

This means that the random data is secure enough to use for encryption purposes. In fact, the function is just a wrapper around OpenSSL’s RAND_bytes() function. This part of their documentation states:

RAND_bytes will fetch cryptographically strong random bytes. Cryptographically strong bytes are suitable for high integrity needs, such as long term key generation. If your generator is using a software algorithm, then the bytes will be pseudo-random (but still cryptographically strong).

Unless you have a hardware random number generator, the bytes will be pseudo-random—generated predictably from a seed value. The seed is generated from an OS-specific source (/dev/urandom on Unix-like systems, CryptGenRandom on Windows). As long as your seed is relatively random and not known to an attacker, the data produced will appear totally random.

If you like, you could perform the test described here:

Given any arbitrary sequence of binary digits it is possible to examine it using statistical techniques. There are various suites of statistical tests available such as STS (Statistical Test Suite) available from NIST’s RANDOM NUMBER GENERATION page. This suite provides a number of different tests including:

  • The Frequency (Monobit) Test: Checks whether the proportion of 0s and 1s in a given sequence are approximately as one would expect
  • The Runs Test: Tests whether the number of runs of consecutive identical digits of varying lengths within a given sequence is as expected
  • The Longest Run of Ones in a block: Confirms whether the longest single run of ones within a sequence is as would be expected

That would give you a very good indication on how random your generator is on your system. Rest assured, though, that it’s likely to be virtually indistinguishable from a truly random source, so it should be sufficiently random for nearly any application.

More Related Contents:

  1. What’s wrong with nodejs crypto decipher?
  2. TypeScript getting error TS2304: cannot find name ‘ require’
  3. How to determine a user’s IP address in node
  4. Mongoose always returning an empty array NodeJS
  5. How do I redirect in expressjs while passing some context?
  6. Nodejs – Redirect url
  7. Extend Express Request object using Typescript
  8. Can an AWS Lambda function call another
  9. What is the fastest way to write a lot of documents to Firestore?
  10. How can I specify the required Node.js version in package.json?
  11. In Mongoose, how do I sort by date? (node.js)
  12. mongoError: Topology was destroyed
  13. NodeJS write base64 image-file
  14. CRUD blueprint overriding in sails.js
  15. nodejs – How to promisify http.request? reject got called two times
  16. Node Sass does not yet support your current environment: Linux 64-bit with false
  17. socket.io rooms or namespacing?
  18. how to release localhost from Error: listen EADDRINUSE
  19. How to set limit for array size in Mongoose schema
  20. Enable Access-Control-Allow-Origin for multiple domains in Node.js [duplicate]
  21. Use docker run command to pass arguments to CMD in Dockerfile
  22. Zip archives in node.js
  23. MongooseError – Operation `users.findOne()` buffering timed out after 10000ms
  24. Microsoft Bot framework: Sending Message on connect
  25. npm install -g less does not work: EACCES: permission denied
  26. Connecting Heroku App to Atlas MongoDB Cloud service
  27. How does require work with new operator in node.js?
  28. Mongoose nested query on Model by field of its referenced model
  29. Node Sass does not yet support your current environment: Windows 64-bit with Unsupported runtime (88)
  30. ENOENT: no such file or directory .?

Leave a Comment