Node.js documentation strongly discourages the usage of crypto.randomBytes(). However, as I read in an answer on StackOverflow, of all methods of random string generation, such as using timestamps etc., the best way to achieve the highest entropy is crypto.randomBytes().
I would like to use this uuid strategy to generate validation keys in my Node.js system. Is there any other better way performance-wise?
Using the uuid Package
Unlike the crypto module, the uuid package is a third-party npm module. To install it, run the following command. uuid allows you to generate different ID versions: versions 1 and 4 generate a randomly generated unique ID.
crypto is built into Node.js, so it doesn't require a rigorous implementation process or configuration. Unlike other modules, you don't need to install crypto before you use it in your Node.js application.
NPM (Node Package Manager) is a package manager for Node.js packages. There is an NPM package called 'shortid' used to create short, non-sequential, URL-friendly unique IDs.
crypto is a module in Node.js that provides algorithms for data encryption and decryption. It is used for security purposes such as user authentication, where the password is stored in the database in encrypted form. The crypto module provides a set of classes like hash, HMAC, cipher, decipher, sign, and verify.
If you want to use a CSPRNG, not really.
Using uuid was suggested, but it simply calls crypto.randomBytes(16) and converts it to a hex string. randomBytes blocking isn't really a problem, because it offers an asynchronous API as well (the second arg is a callback). When generating such small amounts of data, using the sync API might be faster though.
Docs do still mention lack of entropy possibly causing a longer block than usual. It should only be a problem right after boot though, and even in that case blocking can be avoided by using the asynchronous API.
The crypto.randomBytes() method will not complete until there is sufficient entropy available. This should normally never take longer than a few milliseconds. The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy.