Combining Randomness
AmberIsCoding edited this page Oct 5, 2024 · 3 revisions
To maximize security, this password generator combines randomness from the user's local machine with external randomness from drand.
The Web Crypto API (W3C Web Cryptography API) is used to generate cryptographically secure pseudo-random numbers. This API is widely trusted and used in web browsers for secure applications, but its output is pseudo-random rather than truly random.

```javascript
// Example of generating local randomness
const array = new Uint32Array(10);
window.crypto.getRandomValues(array);
```

True randomness is pulled from Cloudflare's drand API, which returns it as a hexadecimal string of random bytes.
The XOR (exclusive OR) operation is used to merge local and external randomness byte by byte. This creates a final output that is more secure and less predictable than using either source alone.
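```javascript
// Example XOR operation combining local and drand randomness.
// Both arguments must be arrays of numbers (e.g. Uint8Array); decode the
// drand hex string to bytes before calling.
function xorRandomness(local, external) {
  if (external.length < local.length) {
    throw new RangeError("external randomness is shorter than local randomness");
  }
  const combined = [];
  for (let i = 0; i < local.length; i++) {
    combined.push(local[i] ^ external[i]);
  }
  return combined;
}
```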
- Increased Entropy: The combined randomness provides more unpredictability than either source alone, making it ideal for secure password generation.
- Fault Tolerance: If one source is compromised, the other source maintains the overall security of the output.
- Layered Security: An attacker would need to compromise both the local system and drand to predict the final output.
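
The XOR step described above, carried through on byte arrays as an added example (not the project's own code): it decodes the hex beacon value, rejects malformed or mismatched input, and combines it with Web Crypto bytes. The function names and the sample hex value are constructed for illustration, and a 32-byte beacon value is assumed.

```javascript
// Added example: hexToBytes, xorBytes, combineWithBeacon and freshCombined
// are illustrative names, not part of the project.

// Decode the hex string form of the external randomness into bytes.
function hexToBytes(hex) {
  if (typeof hex !== "string" || hex.length === 0 ||
      hex.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new TypeError("external randomness must be a non-empty, even-length hex string");
  }
  const out = new Uint8Array(hex.length / 2);
  for (let i = 0; i < out.length; i++) {
    out[i] = parseInt(hex.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// XOR two equal-length byte arrays. A length mismatch is an error: XORing
// with `undefined` would silently pass the other input through unchanged.
function xorBytes(a, b) {
  if (a.length !== b.length) {
    throw new RangeError(`length mismatch: ${a.length} vs ${b.length}`);
  }
  const out = new Uint8Array(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// Combine caller-supplied local bytes with a hex beacon value.
function combineWithBeacon(localBytes, beaconHex) {
  return xorBytes(localBytes, hexToBytes(beaconHex));
}

// Draw local bytes from the Web Crypto CSPRNG, sized to match the beacon value.
function freshCombined(beaconHex) {
  const external = hexToBytes(beaconHex);
  const local = globalThis.crypto.getRandomValues(new Uint8Array(external.length));
  return xorBytes(local, external);
}

// Constructed sample value (not a real drand round): 32 bytes as 64 hex characters.
const SAMPLE_BEACON_HEX =
  "00112233445566778899aabbccddeeff" + "ffeeddccbbaa99887766554433221100";
```

Because XOR is invertible and drand output is published, anyone who knows the beacon value and the combined output can recover the local bytes, so the secrecy of a generated password rests on the local CSPRNG bytes staying private.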