Exception: SecureRandom::EntropyError

Inherits:

NotImplementedError

Object
NotImplementedError
SecureRandom::EntropyError

show all

Defined in:: lib/opal_patches.rb

Overview

Raised when neither node:crypto.randomBytes nor Web Crypto getRandomValues is available. We FAIL CLOSED rather than return predictable bytes — silent degradation would let downstream code generate predictable session secrets, JWT signing keys, IVs, etc.

NOTE: extends NotImplementedError on purpose. CRuby’s SecureRandom raises NotImplementedError when no random device is available, and several gems (most notably Sinatra at line 1988 of base.rb) rescue NotImplementedError to fall back to Kernel.rand for module-load-time secrets. Cloudflare Workers blocks ALL random value generation at module-load (global) scope, so eager session_secret generation must take that fallback path. Request-time calls (where entropy is available) still get real cryptographic randomness; only the module-load case ever falls back, and Sinatra’s session secret is the lone caller that actually does that gracefully.