Since Math.random could potentially return the same value twice and is not cryptographically secure, it causes the Insecure Randomness finding when we scan the code in the Fortify tool.
Please confirm if there is any future plan to remove Math.random and use cryptographically secure code for getting random values.
Just by using the crypto API:
```js
const myArray = new Uint32Array(10);
crypto.getRandomValues(myArray);
```
The APIs below depend on the defaultSource, which gives Math.random values:
d3.uniform
d3.int
d3.normal
d3.logNormal
d3.irwinHall
d3.bates
d3.exponential
d3.pareto
d3.bernoulli
d3.geometric
d3.gamma
d3.beta
d3.binomial
d3.weibull
d3.cauchy
d3.logistic
d3.poisson
shubhamvinayak changed the title from "Insecure Randomness for the use of Math.random() in lcg API (security vulnerability)" to "Insecure Randomness for the use of Math.random() in lcg API and defaultSource.js (security vulnerability)" on Jan 20, 2023
lcg: https://github.com/d3/d3-random/blob/main/src/lcg.js#L6
defaultSource.js: https://github.com/d3/d3-random/blob/main/src/defaultSource.js#L1