use uniform sampling in secure-rndstr
All checks were successful
Lint / lint (backend) (pull_request) Successful in 3m18s
Lint / lint (frontend) (pull_request) Successful in 9m32s
Lint / typecheck (misskey-js) (pull_request) Successful in 2m30s
Lint / lint (sw) (pull_request) Successful in 2m28s
Lint / typecheck (backend) (pull_request) Successful in 3m39s
Lint / pnpm_install (pull_request) Successful in 2m27s
Test (backend) / e2e (22.x) (pull_request) Successful in 9m9s
Test (production install and build) / production (22.x) (pull_request) Successful in 2m49s
Test (backend) / unit (22.x) (pull_request) Successful in 6m58s
Test (frontend) / vitest (22.x) (pull_request) Successful in 3m12s
Test (backend) / validate-api-json (22.x) (pull_request) Successful in 3m57s
Lint / lint (misskey-js) (pull_request) Successful in 2m23s
All checks were successful
Lint / lint (backend) (pull_request) Successful in 3m18s
Lint / lint (frontend) (pull_request) Successful in 9m32s
Lint / typecheck (misskey-js) (pull_request) Successful in 2m30s
Lint / lint (sw) (pull_request) Successful in 2m28s
Lint / typecheck (backend) (pull_request) Successful in 3m39s
Lint / pnpm_install (pull_request) Successful in 2m27s
Test (backend) / e2e (22.x) (pull_request) Successful in 9m9s
Test (production install and build) / production (22.x) (pull_request) Successful in 2m49s
Test (backend) / unit (22.x) (pull_request) Successful in 6m58s
Test (frontend) / vitest (22.x) (pull_request) Successful in 3m12s
Test (backend) / validate-api-json (22.x) (pull_request) Successful in 3m57s
Lint / lint (misskey-js) (pull_request) Successful in 2m23s
the current implementation is biased towards making some characters 25% more common, with the default alphabet the more common characters being '0', '8', 'h', 'q', 'z', 'I', 'R', and 'Z' this changes the probability of all letters to be equal
This commit is contained in:
parent
b279f6e3d2
commit
e6872e4f3b
1 changed files with 1 additions and 9 deletions
|
|
@ -9,17 +9,9 @@ export const L_CHARS = '0123456789abcdefghijklmnopqrstuvwxyz';
|
||||||
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
const LU_CHARS = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||||
|
|
||||||
export function secureRndstr(length = 32, { chars = LU_CHARS } = {}): string {
|
export function secureRndstr(length = 32, { chars = LU_CHARS } = {}): string {
|
||||||
const chars_len = chars.length;
|
|
||||||
|
|
||||||
let str = '';
|
let str = '';
|
||||||
|
|
||||||
for (let i = 0; i < length; i++) {
|
for (let i = 0; i < length; i++) {
|
||||||
let rand = Math.floor((crypto.randomBytes(1).readUInt8(0) / 0xFF) * chars_len);
|
str += chars.charAt(crypto.randomInt(chars.length));
|
||||||
if (rand === chars_len) {
|
|
||||||
rand = chars_len - 1;
|
|
||||||
}
|
|
||||||
str += chars.charAt(rand);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return str;
|
return str;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue