crypto.randomBytes(20).toString('hex')有多随机?
就这么简单,我只需要知道。
最佳答案
crypto.randomBytes() 的随机性如何?通常,足够随机以用于您需要的任何目的。
crypto.randomBytes()生成加密安全随机数据:
crypto.randomBytes(size[, callback])
Generates cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate.
这意味着随机数据足够安全,可以用于加密目的。其实函数是just a wrapper围绕 OpenSSL 的 RAND_bytes()功能。 This part of their documentation状态:
RAND_bytes will fetch cryptographically strong random bytes. Cryptographically strong bytes are suitable for high integrity needs, such as long term key generation. If your generator is using a software algorithm, then the bytes will be pseudo-random (but still cryptographically strong).
除非您有硬件随机数生成器,否则字节将是伪随机——从种子值可预测地生成。种子是从 OS-specific source 生成的。 (在类 Unix 系统上为 /dev/urandom,在 Windows 上为 CryptGenRandom)。只要你的种子是相对随机的并且不为攻击者所知,所产生的数据就会显得完全随机。
如果您愿意,可以执行 here 中描述的测试:
Given any arbitrary sequence of binary digits it is possible to examine it using statistical techniques. There are various suites of statistical tests available such as STS (Statistical Test Suite) available from NIST's RANDOM NUMBER GENERATION page. This suite provides a number of different tests including:
- The Frequency (Monobit) Test: Checks whether the proportion of 0s and 1s in a given sequence are approximately as one would expect
- The Runs Test: Tests whether the number of runs of consecutive identical digits of varying lengths within a given sequence is as expected
- The Longest Run of Ones in a block: Confirms whether the longest single run of ones within a sequence is as would be expected
这会给你一个很好的指示你的生成器在你的系统上的随机性。不过请放心,它可能与真正的随机源几乎无法区分,因此对于几乎任何应用程序来说,它都应该是足够随机的。
关于node.js - 加密#randomBytes 的随机性如何?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43033412/