1
The library BitcoinJS (https://github.com/bitcoinjs) has a method called makeRandom(). Where does its entropy (randomness) come from? Is it as secure as the method from http://bitaddress.org/ (moving around the mouse), or even more so?
Where does the entropy of BitcoinJS' makeRandom() come from?
Answers
1
This code calls this code, which calls crypto.getRandomValues, which is a trustworthy cryptographically secure random number generator. It's secure enough to compete with bitaddress.org, as long as one's browser was not hacked.
Thank you, that was a big help. I think the phrase "Implementations are also required to use a seed with enough entropy, like a system-level entropy source." on the page you mentioned is interesting. So I guess, if I use bitcoinjs in my application, I would still have to provide a seed myself. If not I wonder where BitcoinJS takes it from. – Dalit Sairio – 2018-02-14T13:13:04.397
@DalitSairio "system-level entropy source" is called by browsers. Browsers will ask the system for entropy, and the
getRandomValueswill be secure enough. You don't need to provide a seed. – MCCCS – 2018-02-14T13:37:03.823