docs: more explicit crypto.pseudoRandomBytes information

[calvinmetcalf]

the docs as it is make it sound like pseudoRandomBytes is tapping a different entropy source or possibly might be a /dev/urandom to crypto.pseudoRandomBytes's /dev/random.

Is there a reason pseudoRandomBytes is in the api in the first place?

[bnoordhuis]

Is there a reason pseudoRandomBytes is in the api in the first place?

Yes, but the reason may be invalid. When I added them, I reasoned that people may want to plug in a custom RAND engine but, to this day, I've never heard of anyone actually doing that. I speculate that people with hardware RNG devices feed that entropy into the system entropy pool, not directly into openssl.

The PR LGTM but can you update the commit log? The first line should be <= 50 characters and there should be one or two lines describing the what and why of the change. Thanks!

[bnoordhuis]

On the subject of crypto.pseudoRandomBytes(), your PR made me realize that there is probably no downside to making it an alias of crypto.randomBytes(). In the past, there was a material difference between them, but as of f68a116, that's no longer the case.

[calvinmetcalf]

Ok can amend the commit.

Would it make sense to think about depreciating it?

On Wed, Jan 21, 2015, 5:59 PM Ben Noordhuis [email protected]
wrote:

Is there a reason pseudoRandomBytes is in the api in the first place?

Yes, but the reason may be invalid. When I added them, I reasoned that
people may want to plug in a custom RAND engine but, to this day, I've
never heard of anyone actually doing that. I speculate that people with
hardware RNG devices feed that entropy into the system entropy pool, not
directly into openssl.

The PR LGTM but can you update the commit log? The first line should be <=
50 characters and there should be one or two lines describing the what and
why of the change. Thanks!

—
Reply to this email directly or view it on GitHub
#545 (comment).

[calvinmetcalf]

Ok i can update the pull to do that as well

On Wed, Jan 21, 2015, 6:03 PM Ben Noordhuis [email protected]
wrote:

On the subject of crypto.pseudoRandomBytes(), your PR made me realize that
there is probably no downside to making it an alias of
crypto.randomBytes(). In the past, there was a material difference between
them, but as of f68a116
f68a116,
that's no longer the case.

—
Reply to this email directly or view it on GitHub
#545 (comment).

[bnoordhuis]

@calvinmetcalf Let's start with the documentation update. Changing crypto.pseudoRandomBytes() would also require ripping out some code from src/node_crypto.cc.

[calvinmetcalf]

Haha ok won't get ahead of myself

On Wed, Jan 21, 2015, 6:07 PM Ben Noordhuis [email protected]
wrote:

@calvinmetcalf https://github.com/calvinmetcalf Let's start with the
documentation update. Changing crypto.pseudoRandomBytes() would also
require ripping out some code from src/node_crypto.cc.

—
Reply to this email directly or view it on GitHub
#545 (comment).

[calvinmetcalf]

updated

[bnoordhuis]

Thanks Calvin, landed in d481bb6 with minor touch-ups for line length.