node.js - randomBytes vs pseudoRandomBytes -


in situations acceptable (from security standpoint) use node's crypto.pseudorandombytes instead of cryptographically-strong crypto.randombytes?

i assume pseudorandombytes performs better @ expense of being more predictable (incorrect), docs don't have how less-strong is.

specifically, i'm wondering if i'm ok using pseudorandombytes generate csrf token.

as turns out, with default openssl (which bundled node, if you've built own, possible configure different engines), the algorithm generate random data same both randombytes (rand_bytes) , pseudorandombytes (rand_pseudo_bytes).

the 1 , difference between 2 calls depends on version of node you're using:

  • in node v0.12 , prior, randombytes returns error if entropy pool has not yet been seeded enough data. pseudorandombytes return bytes, if entropy pool has not been seeded.
  • in node v4 , later, randombytes not return until entropy pool has enough data. should take few milliseconds (unless system has booted).

once the entropy pool has been seeded enough data, never "run out," there absolutely no effective difference between randombytes , pseudorandombytes once entropy pool full.

because exact same algorithm used generate randrom data, there no difference in performance between 2 calls (one-time entropy pool seeding notwithstanding).


Comments

Post a Comment

Popular posts from this blog

matlab - Deleting rows with specific rules -

i got 20*3 cell array , need delete rows contains "137", "2" , "n:t" origin data: 't' '' '' 'np(*)' '' '' [ 137] '' '' [ 2] '' '' 'are' 'and' 'np(fcc_a1#1)' '' '' '1:t' [ 1200] [0.7052] '' [1.2051e+03] [0.7076] '' 'are' 'and' 'np(fcc_a1#3)' '' '' '2:t' [ 1200] [0.0673] '' [1.2051e+03] [0.0671] '' 'are' 'and' 'np(m23c6)' '' '' '3:t' [ 1200] [0.227...
Read more

php - MySQLi multi_query results for later use -

i using mysqli multi_query work several select statemets @ time. know how handle results, able use them later in code. example: <?php //connection stuff $query = "select name, surname database1;"; $query.= "select car, year, type database2 carid='1';"; $query.= "select product, price database3;"; if ($mysqli->multi_query($query)) { if($result = $mysqli->store_result()) { while($row = $result->fetch_row()) { --> here? } } } ?> <html> <div id='persona'> <?php foreach() { --> print name + surname } ?> </div> <div id='cars'> <?php foreach() { --> print car + year + type } ?> </div> <div id='product'> <?php foreach() { --> print product + price } ?> </div> </html> one more thing, prepared statements not possible when using multiple_query, right? there no benefit in putting unrelated queries in 1 multi ...
Read more