From 2e04d96ce9f83a2acb859e41e203469649d01ef3 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Fri, 26 May 2023 11:27:41 +0000 Subject: [PATCH] readme --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2773e43..97c56c1 100644 --- a/README.md +++ b/README.md @@ -36,7 +36,7 @@ packages. See [Resources](#resources) for articles and real-world software that We support all major platforms and runtimes. For [Deno](https://deno.land), ensure to use [npm specifier](https://deno.land/manual@v1.28.0/node/npm_specifiers). -For React Native, you may need a [polyfill for getRandomValues](https://github.com/LinusU/react-native-get-random-values). +For React Native, you may need a [polyfill for crypto.getRandomValues](https://github.com/LinusU/react-native-get-random-values). If you don't like NPM, a standalone [noble-curves.js](https://github.com/paulmillr/noble-curves/releases) is also available. The library is tree-shaking-friendly and does not expose root entry point as @@ -770,6 +770,10 @@ We consider infrastructure attacks like rogue NPM modules very important; that's The packages are big, which makes it hard to audit their source code thoroughly and fully. - They are only used if you clone the git repo and want to add some feature to it. End-users won't use them. +As for key generation, we're deferring to built-in +[crypto.getRandomValues](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues) +which is considered cryptographically secure (CSPRNG). + ## Speed Benchmark results on Apple M2 with node v20: