randomBytes 与伪随机字节 [英] randomBytes vs pseudoRandomBytes
问题描述
在什么情况下(从安全角度)可以使用节点的 crypto.pseudoRandomBytes 而不是加密强的 crypto.randomBytes?
In what situations is it acceptable (from a security standpoint) to use node's crypto.pseudoRandomBytes instead of the cryptographically-strong crypto.randomBytes?
我认为 (不正确),但文档并没有真正说明它有多弱.pseudoRandomBytes 性能更好,但代价是更可预测
I assume (incorrect), but the docs don't really have much to say about how less-strong it is.pseudoRandomBytes performs better at the expense of being more predictable
具体来说,我想知道我是否可以使用 pseudoRandomBytes 来生成 CSRF 令牌.
Specifically, I'm wondering if I'm ok using pseudoRandomBytes to generate a CSRF token.
推荐答案
事实证明,使用默认的 OpenSSL(它与 node 捆绑在一起,但如果您已经构建了自己的可以配置不同的引擎)、生成随机数据的算法对于 randomBytes (RAND_bytes) 和 pseudoRandomBytes (RAND_pseudo_bytes).
As it turns out, with the default OpenSSL (which is bundled with node, but if you've built your own, it is possible to configure different engines), the algorithm to generate random data is exactly the same for both randomBytes (RAND_bytes) and pseudoRandomBytes (RAND_pseudo_bytes).
这两个调用之间唯一的区别取决于您使用的节点版本:
The one and only difference between the two calls depends on the version of node you're using:
- 在 v0.12 及更早的节点中,如果熵池尚未填充足够的数据,
randomBytes将返回错误.pseudoRandomBytes将始终返回字节,即使熵池没有正确播种. - 在节点 v4 及更高版本中,
randomBytes在熵池有足够的数据之前不会返回.这应该只需要几毫秒(除非系统刚刚启动).
- In node v0.12 and prior,
randomBytesreturns an error if the entropy pool has not yet been seeded with enough data.pseudoRandomByteswill always return bytes, even if the entropy pool has not been properly seeded. - In node v4 and later,
randomBytesdoes not return until the entropy pool has enough data. This should take only a few milliseconds (unless the system has just booted).
一旦给熵池注入了足够多的数据,它就永远不会耗尽",所以randomBytes和pseudoRandomBytes之间绝对没有有效的区别一旦熵池已满.
Once the the entropy pool has been seeded with enough data, it will never "run out," so there is absolutely no effective difference between randomBytes and pseudoRandomBytes once the entropy pool is full.
由于使用完全相同的算法生成随机数据,因此两次调用之间的性能没有差异(尽管是一次性熵池播种).
Because the exact same algorithm is used to generate randrom data, there is no difference in performance between the two calls (one-time entropy pool seeding notwithstanding).
这篇关于randomBytes 与伪随机字节的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
