加密#randomBytes 的随机性如何? [英] How random is crypto#randomBytes?
问题描述
crypto.randomBytes(20).toString('hex')有多随机?
就这么简单,我只需要知道.
crypto.randomBytes()的随机性如何?通常,足够随机以用于您需要的任何目的.
crypto.randomBytes() 生成 加密安全随机数据:
crypto.randomBytes(size[, callback])
生成加密性强的伪随机数据.size 参数是一个数字,表示要生成的字节数.
这意味着随机数据足够安全,可以用于加密目的.实际上,该函数只是 OpenSSL 的一个包装器RAND_bytes() 函数.这部分文档 声明:
RAND_bytes 将获取加密强的随机字节.加密强字节适用于高完整性需求,例如长期密钥生成.如果您的生成器使用软件算法,那么字节将是伪随机的(但仍然具有加密强度).
除非您有硬件随机数生成器,否则字节将是伪随机——从种子值可预测地生成.种子是从 操作系统特定的源 (/dev/urandom 在类 Unix 系统上,CryptGenRandom 在 Windows 上).只要你的种子是相对随机的并且不为攻击者所知,所产生的数据就会显得完全随机.
如果您愿意,可以执行此处所述的测试::p><块引用>
给定任意二进制数字序列,可以使用统计技术对其进行检查.NIST 的 RANDOM NUMBER GENERATION 页面提供了各种可用的统计测试套件,例如 STS(统计测试套件).该套件提供了许多不同的测试,包括:
- 频率(单比特)测试:检查给定序列中 0 和 1 的比例是否大致符合预期
- 运行测试:测试给定序列中不同长度的连续相同数字的运行次数是否符合预期
- 一个块中最长的单次运行:确认序列中最长的单次运行是否符合预期
这会给你一个很好的指示你的生成器在你的系统上的随机性.不过请放心,它可能与真正的随机源几乎无法区分,因此对于几乎任何应用程序来说,它都应该是足够随机的.
How random is crypto.randomBytes(20).toString('hex')?
Easy as that, all I need to know.
How random is crypto.randomBytes()? Usually, random enough for whatever purpose you need.
crypto.randomBytes() generates cryptographically secure random data:
crypto.randomBytes(size[, callback])
Generates cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate.
This means that the random data is secure enough to use for encryption purposes. In fact, the function is just a wrapper around OpenSSL's RAND_bytes() function. This part of their documentation states:
RAND_bytes will fetch cryptographically strong random bytes. Cryptographically strong bytes are suitable for high integrity needs, such as long term key generation. If your generator is using a software algorithm, then the bytes will be pseudo-random (but still cryptographically strong).
Unless you have a hardware random number generator, the bytes will be pseudo-random—generated predictably from a seed value. The seed is generated from an OS-specific source (/dev/urandom on Unix-like systems, CryptGenRandom on Windows). As long as your seed is relatively random and not known to an attacker, the data produced will appear totally random.
If you like, you could perform the test described here:
Given any arbitrary sequence of binary digits it is possible to examine it using statistical techniques. There are various suites of statistical tests available such as STS (Statistical Test Suite) available from NIST's RANDOM NUMBER GENERATION page. This suite provides a number of different tests including:
- The Frequency (Monobit) Test: Checks whether the proportion of 0s and 1s in a given sequence are approximately as one would expect
- The Runs Test: Tests whether the number of runs of consecutive identical digits of varying lengths within a given sequence is as expected
- The Longest Run of Ones in a block: Confirms whether the longest single run of ones within a sequence is as would be expected
That would give you a very good indication on how random your generator is on your system. Rest assured, though, that it's likely to be virtually indistinguishable from a truly random source, so it should be sufficiently random for nearly any application.
这篇关于加密#randomBytes 的随机性如何?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
