I need to generate secure random numbers using JS.
This random number generation must be as secure as possible (as random as possible).
So I clearly can't use Math.random() here.
AFAIK my best choice is to use the Crypto API's crypto.getRandomValues() method.
I read that the Crypto API is 'as secure as it gets' (apart from a 'true' RNG) and is seeded with values taken from a platform-specific RNG like /dev/urandom (on Unix).
1. Is crypto.getRandomValues() really secure? Are there any flaws I should worry about?
2. Secure or insecure, should I take Crypto.getRandomValues()'s randomness any further? Like,
I can use crypto.getRandomValues() again to get a random value from the first result of crypto.getRandomValues().
OR
I can implement my own RNG that uses user mouse movements/time/window width/height as seed.
Then use random numbers from that RNG to randomly select a number from the result of crypto.getRandomValues().
Any insight would be appreciated.
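
An added example, not part of the original post: drawing a uniform integer in a range directly from crypto.getRandomValues(), with rejection sampling so that reducing the 32-bit output to the range introduces no modulo bias. The name `secureRandomInt` and the injectable `fill` parameter are assumptions of this example.

```javascript
// Added example: uniform integer in [min, max] from the platform CSPRNG.
// In browsers `crypto` is a global; the fallback covers Node versions
// that do not expose it globally.
const rng = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : null);

// `fill` (hypothetical parameter) is injectable only so the rejection path
// can be exercised with constructed values; normal callers omit it.
function secureRandomInt(min, max, fill = (buf) => rng.getRandomValues(buf)) {
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max) || max < min) {
    throw new RangeError('min and max must be integers with min <= max');
  }
  const span = max - min + 1;              // number of possible outputs
  if (span > 0x100000000) {
    throw new RangeError('range must fit in 32 bits');
  }
  // Largest multiple of span that fits in 2^32. Raw values at or above it
  // would make the low residues slightly more likely, so they are redrawn.
  const limit = 0x100000000 - (0x100000000 % span);
  const buf = new Uint32Array(1);
  for (;;) {
    fill(buf);                             // one fresh 32-bit value per try
    if (buf[0] < limit) return min + (buf[0] % span);
  }
}

// Example use: a fair six-sided die roll.
const roll = secureRandomInt(1, 6);
```
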