mirror of
https://github.com/Luzifer/ots.git
synced 2025-01-22 20:31:07 -05:00
Replace password generation with web-crypto API
in order to remove insecure RNG provided in `Math.random()` closes #64 Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
279d87ceb1
commit
10f9cb2a08
@ -168,6 +168,9 @@
|
|||||||
import axios from 'axios'
|
import axios from 'axios'
|
||||||
import AES from 'gibberish-aes/src/gibberish-aes'
|
import AES from 'gibberish-aes/src/gibberish-aes'
|
||||||
|
|
||||||
|
const passwordCharset = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
|
||||||
|
const passwordLength = 20
|
||||||
|
|
||||||
export default {
|
export default {
|
||||||
name: 'App',
|
name: 'App',
|
||||||
|
|
||||||
@ -212,8 +215,9 @@ export default {
|
|||||||
methods: {
|
methods: {
|
||||||
// createSecret executes the secret creation after encrypting the secret
|
// createSecret executes the secret creation after encrypting the secret
|
||||||
createSecret() {
|
createSecret() {
|
||||||
this.securePassword = Math.random().toString(36)
|
this.securePassword = [...window.crypto.getRandomValues(new Uint8Array(passwordLength))]
|
||||||
.substring(2)
|
.map(n => passwordCharset[n % passwordCharset.length])
|
||||||
|
.join('')
|
||||||
const secret = AES.enc(this.secret, this.securePassword)
|
const secret = AES.enc(this.secret, this.securePassword)
|
||||||
|
|
||||||
axios.post('api/create', { secret })
|
axios.post('api/create', { secret })
|
||||||
|
Loading…
Reference in New Issue
Block a user