If crypto.randomBytes is cryptographically strong, is it safe to use as an RNG (and how?)

Question

So in the docs, crypto.randomBytes is described as "Generat[ing] cryptographically strong pseudo-random data". I assume it read off dev/random via openssl.

Now, does that mean it's safe to scale the random byte range to an integer range, as described in: Scaling Random Bytes to Selected Integer Range ?

My understanding was that somehow only something along the lines of a device reading atmospheric noise in three different locations would be genuinely cryto-strong.

You're confusing "cryptographically strong pseudo-random data" with "truly random data." — Chuck, Mar 28 '13 at 00:09

score 2 · Accepted Answer · answered Mar 28 '13 at 00:10

For actual random numbers, you need some hardware device.

However, cryptographically strong pseudo-random numbers (which this API says it guarantees) should be good enough for most purposes. In particular, they cannot be predicted (this is what cryptographically strong means) or a sample distinguished from a truly random sample.

If crypto.randomBytes is cryptographically strong, is it safe to use as an RNG (and how?)

1 Answers1