crypto.randomBytes sources of entropy

I tried to generate very large amounts (> 1 GB) of pseudo-random data using the crypto.randomBytes() method, but I could not throw an exception for depleted sources of entropy to find out what my application would do in case of this possible exception.

From the Node.js docs:

Note: Throws an error or invokes the callback with an error if there is not enough accumulated entropy to generate cryptographically strong data.

My question is:

How can I merge all sources of entropy to make crypto.randomBytes() throw an exception?

+7
1 answer

The short answer is you cannot.

The slightly longer answer is that it depends on the OS. I assume you are using Linux. In theory, the Linux entropy pool can easily be drained using the following script:

    #!/bin/bash
    while true; do
        # write how much entropy is left
        cat /proc/sys/kernel/random/entropy_avail
        # drain a little bit
        dd if=/dev/random of=/dev/null bs=1 count=1 2> /dev/null
    done

Running this script ultimately blocks operations that use /dev/random, but not /dev/urandom. Urandom does not read directly from the entropy pool; it uses a PRNG and reloads it (by default) every 60 seconds using /dev/random. So what happens when the entropy pool dries up? Nothing. The PRNG will not be reloaded, but it will still generate new numbers, just not cryptographically strong ones.

The only time this exception can be thrown is right after the system boots for the first time. I think this is rather unlikely... Of course, other operating systems may handle this issue differently, but while you are using Linux, you should not worry about that.

+2
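
Since the entropy pool cannot be emptied on demand, the error path the question asks about can be exercised by substituting the random source in a test. The following is an added example, not part of the question or the answer; newSessionToken, newSessionTokenAsync, failingRandomBytes and the error message are hypothetical names and values chosen for illustration.

```javascript
const nodeCrypto = require('crypto');

// Hypothetical application function. The random source is a parameter so a
// test can substitute one that fails; production callers pass nothing.
function newSessionToken(randomBytes = nodeCrypto.randomBytes) {
  try {
    return { ok: true, token: randomBytes(32).toString('hex') };
  } catch (err) {
    // Fail closed: no fallback to Math.random() or a fixed value.
    return { ok: false, token: null, reason: err.message };
  }
}

// Callback form: the error arrives as the first callback argument instead
// of being thrown.
function newSessionTokenAsync(done, randomBytes = nodeCrypto.randomBytes) {
  randomBytes(32, (err, buf) => {
    if (err) return done({ ok: false, token: null, reason: err.message });
    done({ ok: true, token: buf.toString('hex') });
  });
}

// Constructed stand-in for an entropy-starved source (message is made up).
function failingRandomBytes(size, cb) {
  const err = new Error('simulated: not enough entropy');
  if (typeof cb === 'function') return void process.nextTick(cb, err);
  throw err;
}

// Synchronous path: the real source succeeds, the stubbed failure is reported.
console.log(newSessionToken().token.length);
console.log(newSessionToken(failingRandomBytes));
// Callback path with the stubbed source.
newSessionTokenAsync((r) => console.log(r), failingRandomBytes);
```

Both forms return no token at all when the source fails, which is the behaviour worth asserting on in a test suite.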