Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Crypto.randomBytes handling exception do to inadequate entropy?

Tags:

javascript

node.js

cryptography

In the documentation for this method it states that it will throw an exception if there is an inadequate amount of entropy to generate the data. My question pertains to the entropy. How is it generated and can you prevent an exception from being thrown by providing adequate entropy? How common will an exception be thrown, or is it unknown?

Documentation for crypto.randomBytes:

crypto.randomBytes(size, [callback])

// async
crypto.randomBytes(256, function(ex, buf) {
  if (ex) throw ex;
  console.log('Have %d bytes of random data: %s', buf.length, buf);
});

Generates cryptographically strong pseudo-random data.

Will throw error or invoke callback with error, if there is not enough accumulated entropy to generate cryptographically strong data. In other words, crypto.randomBytes without callback will not block even if all entropy sources are drained.

In the following example, how would I handle an exception properly and still completely fill the array, basically ensuring the array has been filled completely with the generated bytes. Would I just catch the exception and generate a new array within the catch block, but would if that also throws an exception? Essentially how would I make this code work properly 100% of the time?

var codes = [];
for(var i = 0;i < 100;i++){
     (function(i){
          crypto.randomBytes(256, function(ex, buf) {
               if (ex) throw ex;
               codes[i] = buf.toString('hex');
          });
     })(i)
}
like image 507
Michael Avatar asked Jul 05 '14 01:07

Michael

1 Answers

If no entropy is available, your best bet would be to wait a bit and try again. How long you'd need to wait depends on how much entropy you need and how the underlying entropy sources work.

In practice, I doubt that you'll have any problems. I don't know what Node.js does under the covers, equivalent functions in other libraries are generally implemented as calls to the OS's entropy pool - e.g. /dev/urandom or CryptGenRandom() - or as CSPRNGs that are seeded from the OS's entropy pool. In either case, you'll never block.

Blocking is only an issue if you're reading from /dev/random on Linux. This is because /dev/random may block on Linux, but doesn't on other platforms. It could also be an issue if you're reading directly from a hardware RNG.

like image 136
user3553031 Avatar answered Oct 21 '22 12:10

user3553031
Sign in to Comment

Related questions

What benefit do you get in javascript declaring an array with a specific length? [duplicate]
Showing floor picker in google maps api for javascript
IE click event troubles
How to find specific html elements, AngularJS, protractor
Angularjs calling java functions
Upload a txt to Amazon S3
Loop video with media fragments?
Why do I get an entry into the dblclick handler when double click was not issued?
AngularJS ng-repeat conditionals
Selected and remove all matching data attributes
Facebook - fb graph api js sdk giving wrong response for user-id
Reactjs - getting data from server and updating
Bootstrap tooltip hidden by parent div
Desktop capture chrome plugin
Test if event was not triggered on element with Jasmine spy
asp.net server side disabled Radiobutton enabled on client side
How do I set the radio button to "checked" in Bootstrap? [duplicate]
How to use Browserify & iOS JavaScriptCore
MutationObserver and Shadow DOM
How do I read JS as data from a script tag?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!