SimpleDRBG 定义了一个简单的(不符合 FIPS 的)DRBG,它基本上就是 NIST 的 HMAC_Generate 函数,只是把一连串 HMAC 值串接起来作为输出。请注意,先请求 1 个字节、再请求 1 个字节,得到的结果与一次请求 2 个字节不同。
RandomInt 类既可以使用 SimpleDRBG 类的 randomBytes,也可以使用 Node.js crypto 模块的 randomBytes;它可以生成任意有界的随机数,或者某个范围内的随机数。
boundedRandomNumber 函数首先计算需要多少字节,这个数量比严格所需的字节数略多一点。然后把这些字节转换成一个称为 candidate 的大整数,并返回它对 bound 取模的结果。
while 循环保证结果不会偏向区间的低端:最大的那些 candidate 值在对 bound 取模之后可能只会落在 0 到 X 之间,其中 X < bound。遇到这种情况就再请求一次字节。在目前的实现中,循环执行多于一次的概率并不高,所以这些函数应该是相对高效的。
所以文件simpledrbg.js
应包含:
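// Declared with `var`: the original assignment created an implicit global
// (and is a ReferenceError under 'use strict').
var crypto = require('crypto');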
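/**
 * SimpleDRBG: a minimal HMAC-chain generator (not a FIPS-approved DRBG).
 * Every randomBytes() call advances the chain v = HMAC-SHA512(k, v) from
 * the current `v`; there is no counter and no reseeding, so the whole
 * output stream is determined by `k` and the sequence of request sizes.
 *
 * @param {string|Buffer} k - HMAC key; acts as the seed of the generator.
 */
exports.SimpleDRBG = function (k) {
  this.k = k;
  // Chain starts from an empty value. Buffer.alloc replaces the deprecated
  // `new Buffer(size)` constructor.
  this.v = Buffer.alloc(0);
};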
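/**
 * Produces `bytes` pseudo-random bytes by advancing the HMAC chain
 * (v = HMAC-SHA512(k, v)) and concatenating as many 64-byte digests as
 * needed. Unused bytes of the final digest are discarded, not carried
 * over, so randomBytes(1) called twice does not yield the same bytes as
 * randomBytes(2) called once.
 *
 * @param {number} bytes - non-negative integer number of bytes to return
 * @returns {Buffer} exactly `bytes` bytes
 * @throws {RangeError} if `bytes` is not a non-negative integer (the
 *   original silently returned an empty Buffer for NaN/negative input)
 */
exports.SimpleDRBG.prototype.randomBytes = function (bytes) {
  if (typeof bytes !== 'number' || bytes < 0 || bytes !== Math.floor(bytes)) {
    throw new RangeError('randomBytes: bytes must be a non-negative integer');
  }
  var chunks = [];
  var generated = 0;
  while (generated < bytes) {
    // The Hmac object is consumed by digest(); keep it local instead of
    // leaving a spent object on the instance.
    var hmac = crypto.createHmac('sha512', this.k);
    hmac.update(this.v);
    this.v = hmac.digest();
    var toCopy = Math.min(this.v.length, bytes - generated);
    chunks.push(toCopy === this.v.length ? this.v : this.v.slice(0, toCopy));
    generated += toCopy;
  }
  // One concat at the end instead of re-concatenating on every iteration;
  // an empty list yields a zero-length Buffer, which covers bytes === 0.
  return Buffer.concat(chunks, bytes);
};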
和randomint.js
应包含:
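// Declared with `var`: the original comma-chained assignments created
// implicit globals (and fail under 'use strict').
var crypto = require('crypto');
var bigint = require('bigint');
var drbg = require('./simpledrbg');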
/**
 * Wraps a byte source exposing randomBytes(n) -> Buffer — the Node crypto
 * module or a SimpleDRBG instance — for the bounded/ranged generators below.
 *
 * @param {{randomBytes: function(number): Buffer}} randomizer - byte source
 */
function RandomInt(randomizer) {
  // Only the byte source is stored; no bytes are drawn here.
  this.randomizer = randomizer;
}
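/**
 * Returns a uniformly distributed random integer in the range [0..bound),
 * i.e. the highest value that may be returned is bound - 1. Use
 * boundedRandomNumber(bound + 1) if bound itself should be a possible
 * result.
 *
 * Rejection sampling: one byte more than `bound` strictly needs is drawn
 * from the randomizer, and any candidate at or above the largest multiple
 * of `bound` that fits in that many bytes is redrawn, so `candidate % bound`
 * is unbiased. The extra byte keeps the redraw probability low, so the loop
 * rarely runs more than once.
 *
 * @param {number} bound - exclusive upper limit, a positive integer
 * @returns {number} integer in [0, bound); results above 2^53 lose
 *   precision because the value is converted with toNumber()
 * @throws {RangeError} if bound is zero or negative
 */
RandomInt.prototype.boundedRandomNumber = function (bound) {
  // All locals are declared with `var`; the original assigned implicit
  // globals, which leak state between calls and fail under 'use strict'.
  var BYTE_SIZE = 8;
  var bigBound = bigint(bound);
  if (bigint(0).ge(bigBound)) {
    throw new RangeError('boundedRandomNumber: bound must be a positive integer');
  }
  // ceil(bitLength / 8) + 1 bytes: one more than strictly needed so that
  // candidates are rejected with low probability.
  var bigBoundLen = bigint(bigBound.bitLength());
  var bytesToRequest = bigBoundLen.add(BYTE_SIZE).sub(1).div(BYTE_SIZE).add(1);
  // Largest multiple of bigBound not exceeding 256^bytesToRequest. A
  // candidate at or above it would make the low residues more likely,
  // so such candidates are redrawn.
  var maxCandidateExcl = bigint(0x100).pow(bytesToRequest).div(bigBound).mul(bigBound);
  // Start at the rejection threshold so the loop always draws at least once.
  var candidate = maxCandidateExcl;
  while (candidate.ge(maxCandidateExcl)) {
    var bytes = this.randomizer.randomBytes(bytesToRequest.toNumber());
    candidate = bigint.fromBuffer(bytes);
  }
  // candidate is uniform on [0, maxCandidateExcl), a multiple of bigBound,
  // so the residue is uniform on [0, bigBound).
  return candidate.mod(bigBound).toNumber();
};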
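/**
 * Returns a random integer in the range [lowerBound..upperBound), i.e. the
 * highest value that may be returned is upperBound - 1. Use
 * rangedRandomNumber(lowerBound, upperBound + 1) if upperBound itself should
 * be a possible result. Delegates to boundedRandomNumber on the width of
 * the range and shifts the result by lowerBound.
 *
 * @param {number} lowerBound - inclusive lower limit
 * @param {number} upperBound - exclusive upper limit, must exceed lowerBound
 * @returns {number} integer in [lowerBound, upperBound)
 * @throws {RangeError} if the range is empty or the bounds are not comparable
 */
RandomInt.prototype.rangedRandomNumber = function (lowerBound, upperBound) {
  // Negated comparison also rejects NaN bounds.
  if (!(upperBound > lowerBound)) {
    throw new RangeError('rangedRandomNumber: upperBound must be greater than lowerBound');
  }
  // The original called boundedRandomNumber without `this.`, which is a
  // ReferenceError at call time.
  return lowerBound + this.boundedRandomNumber(upperBound - lowerBound);
};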
// Demo: one draw from the OS-backed crypto.randomBytes, then one from the
// seeded SimpleDRBG. The second value is fully determined by the seed
// string, so it repeats on every run.
var fromTrng = new RandomInt(crypto).boundedRandomNumber(1000000);
console.log(fromTrng);
var fromDrng = new RandomInt(new drbg.SimpleDRBG('seed')).boundedRandomNumber(1000000);
console.log(fromDrng);
你为什么使用createHmac()?有更好的工具,这不是createHmac()的用途。试试crypto.randomBytes() – dandavis 2014-10-18 19:05:25
你能指点我其他工具吗?我正在使用哈希函数,因为我需要证明这个数字不是由我或某人操纵的。 – Lazy 2014-10-18 19:07:56
如果你想要的是散列,那就用散列,比如 md5 或更好的算法,但我不明白随机的部分是从哪里引入的... – dandavis 2014-10-18 19:10:11