#is crypto.randombytes secure enough on it's own?

Okay so I'm making a website and I need completely unpredictable absolutely no way to predict it and what I'm currently doing is generating bytes from 3 seconds of microphone input AND adding randombytes onto that but it's slow and a horrible way to do it and I'm wondering if by itself randombytes cant be predicted

(also, how does randombytes work)

I don't know how it works, but the Node.JS docs says that it generates cryptographically strong pseudorandom numbers
"Cryptographically strong" means that it should be good enough for almost every use case

so if you need to generate some random data as a seed to encrypt something, crypto.randomBytes is good enough for that

(also, I'd recommend not combining other data with the output of crypto.randomBytes, because if you don't do it right, you may end up making it less random. I believe the right way would be to XOR each byte of the crypto.randomBytes output with each byte of the other random data. Still, you most likely won't need anything more than crypto.randomBytes)

You probably can't 100% rely on the client for randomness at all.

You can't be sure the client doesn't have a non-standard implementation of whatever API or hasn't monkeypatched it or modified your code.

It depends a lot on what you're using it for, though.

Not on the client it's too easy to manipulate

You can use /dev/urandom

crypto.randomBytes is cryptographically secure pseudo-random number generation though, you can trust it

pseudo-random = technically predictable in theory but impossible practically, if you could you'd also be able to break encryption algorithms

But this is state of the art unless you want to do something like cloudflare's lava lamps

This applies to Cryptrandomgen or whatever on windows right

I don't know

But msdn can tell you what windows calls give you cryptographic guarantees

Lol basically what i was trying to replicate