And it still uses OpenSSL as a CSPRNG, rather than the operating system's CSPRNG... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sarciszewski on Oct 30, 2015 \| parent \| context \| favorite \| on: Node.js 5.0 Released And it still uses OpenSSL as a CSPRNG, rather than the operating system's CSPRNG (CryptGenRandom, /dev/urandom, etc.). I guess maybe they'll fix that in 6?

orthecreedence on Oct 30, 2015 [–]

And use what in Windows? A closed-source CSPRNG? Has there ever been a serious vulnerability/problem found with OpenSSL's CSPRNG? I'm actually curious as to why this is an issue.

slasaus on Oct 31, 2015 | [–]

Only the OS can guarantee that some entropy is not handed out twice. If you can't trust your OS with that, you might have bigger problems.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact