Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make nonce generator cryptographically secure #90

Open
tjcouch-sil opened this issue Mar 20, 2023 · 0 comments
Open

Make nonce generator cryptographically secure #90

tjcouch-sil opened this issue Mar 20, 2023 · 0 comments
Labels
BLOCKED Waiting on something before able to be worked
Milestone
2023-12 Q4 Mainte...

Comments

@tjcouch-sil
Copy link
Member

tjcouch-sil commented Mar 20, 2023
edited
Loading

W3C's nonce spec specifies that nonces must be generated in a cryptographically secure fashion. We need to make a way to generate these in a polymorphic way to be able to generate them from node or from browser uniformly from shared/Util.ts. https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues should work great on browser, and Node has an implementation of the same method in their webcrypto library. However, you must import the node crypto library to use it in Node. Figure out a way to use this crypto.getRandomValues method or some similar method. Maybe use the NormalModuleReplacementPlugin to import crypto appropriately.

Depends on #63
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
BLOCKED Waiting on something before able to be worked
Projects
Paranext
Status: 📥 On Deck
Milestone
2023-12 Q4 Maintenance
Development

No branches or pull requests
2 participants
@katherinejensen00 @tjcouch-sil