drive-mobile
Question about React Native random bytes?
Hi there, I notice that the app uses randomBytes from react-native-crypto and from what I understand that is only pseudo-random.
Here are a couple of the locations I found:
https://github.com/internxt/drive-mobile/blob/ba565cbfbcc4759dfc9fed707cc4c7bb27437e03/src/network/NetworkFacade.ts#L2
https://github.com/internxt/drive-mobile/blob/8b1a8e717cad2948df2b8b0cc5f2f83e6cf9a74a/src/%40inxt-js/lib/merkleTree.ts#L2
You can see here that react-native-crypto pulls in its randomBytes function from react-native-randombytes:
https://github.com/tradle/react-native-crypto/blob/1d8b2c5abe91ceb3d8499639038825424b7392e6/index.js#L4
And that react-native-randombytes is deprecated due to its pseudo-randomness:
https://github.com/mvayngrib/react-native-randombytes
And they recommend using react-native-get-random-values instead:
https://github.com/LinusU/react-native-get-random-values
I'm wondering if I'm understanding this chain of dependence correctly, and if so, if it would be better to switch to react-native-get-random-values instead.
If I have this right, I may be able to submit a PR at some point.
Hey! Nice catch, thanks for the report.
We are moving away slowly from some react-native-crypto implementations, so in the future we probably will refactor that dependency, but in the short term we have other priorities.
The major problem is that react-native-crypto depends on react-native-randombytes, so we cannot remove that dependency directly.
I'll leave this issue open and once we submit a PR fixing this I'll ping over here.
Thanks!
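
For readers following the thread, a sketch of a randomBytes-style helper built on crypto.getRandomValues, the API that react-native-get-random-values installs as a global. This is an added example, not code from drive-mobile or from either participant; the name secureRandomBytes is hypothetical, and the Node fallback exists only so the snippet also runs outside React Native.

```javascript
// Added example (hypothetical helper, not project code).
// Assumption: in React Native, 'react-native-get-random-values' has been
// imported once at app start-up so that globalThis.crypto.getRandomValues exists.

// Web Crypto rejects requests larger than 65536 bytes per call
// (QuotaExceededError), so larger buffers must be filled in chunks.
const MAX_CHUNK = 65536;

function getCsprng() {
  let c = globalThis.crypto;
  // Fallback for older Node versions without a global `crypto` (assumption:
  // CommonJS context; not needed in React Native with the polyfill loaded).
  if ((!c || typeof c.getRandomValues !== 'function') && typeof require === 'function') {
    c = require('node:crypto').webcrypto;
  }
  if (!c || typeof c.getRandomValues !== 'function') {
    // Fail closed: never fall back to Math.random or another non-CSPRNG source.
    throw new Error('crypto.getRandomValues is unavailable; load the polyfill first');
  }
  return c;
}

function secureRandomBytes(size) {
  if (!Number.isInteger(size) || size < 0) {
    throw new RangeError('size must be a non-negative integer');
  }
  const c = getCsprng();
  const out = new Uint8Array(size);
  for (let off = 0; off < size; off += MAX_CHUNK) {
    // subarray() is a view on `out`, so each call fills the buffer in place.
    c.getRandomValues(out.subarray(off, Math.min(off + MAX_CHUNK, size)));
  }
  return out;
}

// Convenience for keys or IDs that must be passed around as text.
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}
```

The helper throws when no secure source is present instead of degrading silently, which is the behaviour the deprecated pseudo-random path lacked.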