cryptographically strong secret generation

generate TOTP secret using WebCrypto API (see https://github.com/louislam/uptime-kuma/issues/640)
This commit is contained in:
Andreas Brett 2021-10-10 21:58:23 +02:00 committed by GitHub
parent ad0cde6554
commit 13cf6891ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -114,12 +114,21 @@ export function getRandomInt(min: number, max: number) {
return Math.floor(Math.random() * (max - min + 1)) + min; return Math.floor(Math.random() * (max - min + 1)) + min;
} }
export function getCryptoRandomInt(min, max) {
const randomBuffer = new Uint32Array(1);
crypto.getRandomValues(randomBuffer);
let randomNumber = randomBuffer[0] / (0xffffffff + 1);
min = Math.ceil(min);
max = Math.floor(max);
return Math.floor(randomNumber * (max - min + 1)) + min;
}
export function genSecret(length = 64) { export function genSecret(length = 64) {
let secret = ""; let secret = "";
let chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; const chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
let charsLength = chars.length; const charsLength = chars.length;
for ( let i = 0; i < length; i++ ) { for ( let i = 0; i < 64; i++ ) {
secret += chars.charAt(Math.floor(Math.random() * charsLength)); secret += chars.charAt(getCryptoRandomInt(0, charsLength));
} }
return secret; return secret;
} }