paulmillr / noble-ed25519

Fastest 4KB JS implementation of ed25519 signatures
https://paulmillr.com/noble
MIT License
414 stars, 50 forks

Random PRNG - how secure is it? #93

Closed mangoplane closed 1 year ago

mangoplane commented 1 year ago

Hi Paul,

Great work. Just wondering how secure the random number generator used for seeding keygen is. Any chance you could elaborate on that in your documentation? Also, is there any chance we can provide a source of entropy, say from hardware or random.org?

Kind regards.

paulmillr commented 1 year ago

It's using the browser's https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues, which is considered cryptographically secure.

Also, is there any chance we can provide a source of entropy, say from hardware or random.org

You can do whatever you want, but to me using random.org seems like a terrible idea.

Best thing to do is to verify the entropy randomness by yourself.

mangoplane commented 1 year ago

Thanks for your suggestions and comments. I will look more into CSPRNGs, and the particular variant that W3C (the standard I believe the browser is following) requires for the Web Crypto API. All the best.

paulmillr commented 1 year ago

Adjusted the documentation.

paulmillr commented 1 year ago

Yes, it requires the Web Crypto API, because you can't emulate a CSPRNG in the browser. It requires access to hardware entropy, which crypto.getRandomValues provides.

What's your platform?