JS md5 password autogenerator #194
Labels
Comments
|
The function is: function randomString( length ) {
var result = '';
var chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
for (var i = length; i > 0; --i) result += chars[Math.round(Math.random() * (chars.length - 1))];
return result;
}The built-in JavaScript Math.random() function is not a cryptographic-grade random number generator. That is not to say that I consider this implementation to be a security issue. A solution is now available for most platforms: crypto.getRandomValues() Using this, we can only allow random generation of the MD5 if that object is available. |
barryo
pushed a commit
that referenced
this issue
Jul 25, 2018
…about no privileges - fixes islandbridgenetworks/IXP-Manager-Archive-Yann#139 (#194)
barryo
pushed a commit
that referenced
this issue
Nov 20, 2018
…about no privileges - fixes islandbridgenetworks/IXP-Manager-Archive-Yann#139 (#194)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Do standard JS implementations have a good enough RNG to be able to create useful BGP MD5 passwords? (INEX ticket [QIG-18162-453])
The text was updated successfully, but these errors were encountered: