This repository has been archived by the owner on Jan 25, 2020. It is now read-only.
Password generation is flawed #662
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Password generation uses modulo reduction, which notoriously does not preserve uniformity of the random source.
MiniKeePass/MiniKeePass/Password Generator View/PasswordGeneratorViewController.swift
Line 102 in 9b42e00
See the documentation for the SystemRandomNumberGenerator. Something like
does generate cryptographically secure indices in the desired range, which is all that you need.
If you really want to use a Salsa20 key stream, you must implement proper uniform generation. To this end, have a look at the source of next(upperBound:).
The text was updated successfully, but these errors were encountered: