Merge pull request 'use uniform sampling in secure-rndstr' (#33) from sugar/forkey:use-uniform-sampling-in-secure-rndstr into main

Reviewed-on: #33 Reviewed-by: leah <leah@noreply.woem.men>
2025-01-17 14:22:10 +00:00 · 2025-01-17 14:22:10 +00:00 · 7c3eb990a6
commit 7c3eb990a6
parent b279f6e3d2 e6872e4f3b
1 changed files with 1 additions and 9 deletions
--- a/packages/backend/src/misc/secure-rndstr.ts
+++ b/packages/backend/src/misc/secure-rndstr.ts
@ -9,17 +9,9 @@ export const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
 const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 export function secureRndstr(length = 32, { chars = LU_CHARS } = {}): string {
 	const chars_len = chars.length;
 	let str = '';
 	for (let i = 0; i < length; i++) {
-		let rand = Math.floor((crypto.randomBytes(1).readUInt8(0) / 0xFF) * chars_len);
+		str += chars.charAt(crypto.randomInt(chars.length));
 		if (rand === chars_len) {
 			rand = chars_len - 1;
 	}
 		str += chars.charAt(rand);
 	}
 	return str;
 }