Monday, 13 May 2019

What is the source of entropy for Crypto.getRandomValues?

I'm working on a large web application which uses forge.js to generate RSA private keys on the client side. As far as I read the Forge documentation - https://github.com/digitalbazaar/forge#rsa - it uses the WebCrypto API from the browser to generate the RSA key/provide random numbers.

I also have a bunch of selenium2 tests which verify different scenarios (related to RSA generation). I observe frequent test timeouts when the tests are executed on docker environments. My docker environments use Ubuntu. Tests are executed on Firefox 64 using selenium2 3.11.

After some analysis I reached the conclusion that the test timeouts are caused by slow RSA key generation. Of course, the analysis is not bulletproof, as the problem is not reproducible on a developer machine.

From analysis of similar problems in Java, I know that this might be caused by the use of a blocking source of entropy - /dev/random instead of /dev/urandom. So my questions are:

  • what is the source of entropy in webcrypto (Firefox 64, webcrypto, docker)?
  • can the source of entropy be changed?
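
One way to check the blocking-entropy hypothesis on its own, apart from the cost of RSA prime search, is to time individual `getRandomValues` calls in the affected environment. This is an added example, not part of the original post; the function names, the chunk size and the 50 ms stall threshold are assumptions.

```javascript
// Added diagnostic sketch; names and the 50 ms threshold are assumptions.
// Browsers and Node 20+ expose WebCrypto as globalThis.crypto; older Node needs the module.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const MAX_CHUNK = 65536; // getRandomValues rejects larger requests (QuotaExceededError)

// Fill `totalBytes` of randomness in chunks and record each call's latency in ms.
function sampleRandomLatency(totalBytes, chunkSize = 256) {
  if (chunkSize < 1 || chunkSize > MAX_CHUNK) {
    throw new RangeError(`chunkSize must be 1..${MAX_CHUNK}`);
  }
  const out = new Uint8Array(totalBytes);
  const latencies = [];
  for (let off = 0; off < totalBytes; off += chunkSize) {
    // subarray() is a view, so the random bytes land directly in `out`.
    const view = out.subarray(off, Math.min(off + chunkSize, totalBytes));
    const t0 = performance.now();
    webcrypto.getRandomValues(view);
    latencies.push(performance.now() - t0);
  }
  return { bytes: out, latencies };
}

// Summarise latencies; calls that wait on the random source would stand out
// as isolated values far above the median and be counted as stalls.
function summarise(latencies, stallMs = 50) {
  const sorted = [...latencies].sort((a, b) => a - b);
  const pick = (q) => sorted[Math.min(sorted.length - 1, Math.floor(q * sorted.length))];
  return {
    calls: sorted.length,
    medianMs: pick(0.5),
    p99Ms: pick(0.99),
    maxMs: sorted[sorted.length - 1],
    stalls: sorted.filter((ms) => ms >= stallMs).length,
  };
}
```

Running `summarise(sampleRandomLatency(1 << 20).latencies)` inside the container and on a developer machine gives two summaries to compare; if neither shows stalls, the random source is unlikely to explain the timeouts.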


