[英]What is the source of entropy for Crypto.getRandomValues?
I'm working on large web application which uses forge.js to generate RSA private keys on client side. 我正在开发大型Web应用程序,它使用forge.js在客户端生成RSA私钥。 As far as i read Forge documentation - https://github.com/digitalbazaar/forge#rsa - IT uses webcrypto API from the browser to generate RSA key/provide random numbers . 至于我阅读Forge文档 - https://github.com/digitalbazaar/forge#rsa - IT使用浏览器中的webcrypto API生成RSA密钥/提供随机数。
I have also a bunch of selenium2 tests which verifies different scenarios (related to RSA generation). 我还有一堆selenium2测试,用于验证不同的场景(与RSA生成相关)。 I observe frequent test timeout when tests are executed on docker environments. 在docker环境中执行测试时,我会观察到频繁的测试超时。 My docker environments uses Ubuntu. 我的docker环境使用Ubuntu。 Tests are executed on Firefox 64 with use of selenium2 3.11 使用selenium2 3.11在Firefox 64上执行测试
After some analysis I reached the conclusion that test timeouts are caused by slow RSA keygeneration. 经过一些分析后,我得出结论,测试超时是由RSA密钥生成缓慢引起的。 Of course, the analysis is not bulletproof as the problem is hot reproducible on developer machine. 当然,分析不是防弹的,因为问题在开发者机器上是可热再现的。
From analysis od similar problems in Java, i know that this might be caused by use of blocking source of entropy - /dev/random instead of /dev/urandom. 从Java中的类似问题的分析,我知道这可能是由于使用阻塞熵源 - / dev / random而不是/ dev / urandom引起的。 So my questions are: 所以我的问题是:
You can not choose the source of entropy for Web Crypto. 您无法为Web Crypto选择熵源。
In general delay in key generation of RSA keys is primality checking, not gathering randomness. 通常,RSA密钥的密钥生成的延迟是素性检查,而不是收集随机性。
Instead of using forge for RSA key generation, use Web Crypto directly - https://github.com/diafygi/webcrypto-examples#rsassa-pkcs1-v1_5---generatekey 不使用forge进行RSA密钥生成,而是直接使用Web Crypto - https://github.com/diafygi/webcrypto-examples#rsassa-pkcs1-v1_5---generatekey
If you need key generation in Node in a Javascript compatible interface, look at: https://github.com/PeculiarVentures/webcrypto 如果您需要在兼容Javascript的界面中在Node中生成密钥,请查看: https : //github.com/PeculiarVentures/webcrypto
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.