How to generate a random 6 digit passphrase in nod

2019-05-18 03:42发布

问题:

I am trying to generate exactly 6 random digits in Node.js, which needs to be cryptographically secure. Here is my code:

var crypto = require('crypto');

crypto.randomBytes(2, function(err, buffer) {
    console.log(parseInt(buffer.toString('hex'), 16));
});

The problem is that the result from this can be 4 or 5 digits, because we are converting from hex to decimal. Is there a way to keep the cryptographically secure function randomBytes(), but guarantee a 6 digit result?

回答1:

2 bytes have a maximum value of 65535, so you will never get 6 digits if you only use 2 bytes.

Use 3 bytes instead and then reduce it to 6 digits using substr:

var crypto = require('crypto');
crypto.randomBytes(3, function(err, buffer) {
    console.log(parseInt(buffer.toString('hex'), 16).toString().substr(0,6));
});

Another solution would be to execute randomBytes until you get a 6 digit value:

var crypto = require('crypto');
var secureVal = 0;
function generateSecureVal(cb) {
    crypto.randomBytes(3, function(err, buffer) {
        secureVal = parseInt(buffer.toString('hex'), 16);
        if (secureVal > 999999 || secureVal < 100000) {
            generateSecureVal(cb);
        } else {
            cb();
        }
    });
}

generateSecureVal(function(){
    console.log(secureVal);
});

The problem with the above is that it could theoretically get stuck in a neverending loop, and it will most likely use way more CPU cycles than the first example.