If crypto.randomBytes is cryptographically strong, is it safe to use as an RNG (and how?)
So in the docs, crypto.randomBytes is described as "Generat[ing] Cryptographically Strong pseudo-random data". I assume it read off dev/random via openssl.
Now, does that mean it's safe to scale the random byte range to an integer range, as described in: Scaling Random Bytes to Selected Integer Range ?
My understanding was that somehow only something along the lines of a device reading atmospheric noise in three different locations would be genuinely cryto-Strong.
For actual random numbers, you need some hardware device.
However, Cryptographically strong pseudo-random numbers (which this API says it guarantees) should be good enough for most purposes. In particular, they cannot be predicted (this is what cryptographically strong means) or a sample distinguished from a truly random sample.