[CRITICAL] Unsafe fallback to Math.random #118
This module should be considered completely broken and insecure until this issue is resolved. My current advice would be to use the defunctzombie fork (on npm as |
srhoulam referenced this issue in ga-wdi-boston/node-express-session-lesson on Aug 18, 2015
This was referenced Sep 10, 2015
joepie91 changed the title from "Unsafe fallback to Math.random" to "[CRITICAL] Unsafe fallback to Math.random" on Sep 14, 2015
This was referenced Nov 12, 2015
fixed |
srhoulam referenced this issue in ga-wdi-boston/node-express-session-lesson on Nov 22, 2015
This is a critical issue, compromising the security of this module.
In this part of the code, this module will fall back to Math.random, regardless of the environment.
This is unsafe, as the `crypto` module may not always be available in Node.js environments - Node.js may have been compiled without OpenSSL, or a past or future version of Node.js may be used that does not carry the module. In this case, it will silently fall back to poor-quality random data.
The correct behaviour in non-browser environments would be to throw an error, and refuse to continue, if no 'safe' random source can be obtained, and to let the system administrator fix their environment.
Ideally, in browser environments, it would be allowed to fall back to Math.random, but only if an `allowUnsafe` (or similar) flag were specified on usage. This means the behaviour is safe by default, but can still be run unsafely if old browsers absolutely must be supported, and cryptographically secure UUIDs are not required.
EDIT: Apparently the `crypto` usage is broken in all cases? Per #108.
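One way to implement the fail-closed behaviour requested in the issue above, as an added example that is not this module's code and not part of the original issue. The names `detectEnv`, `selectRng`, `uuidV4` and the shape of the injected `env` object are assumptions made for illustration; only `allowUnsafe` comes from the issue text.

```javascript
// Added example (not the module's code): fail-closed selection of a random source.
// detectEnv, selectRng, uuidV4 and the env object shape are hypothetical names.

// Probe the runtime for CSPRNGs without throwing if one is missing.
function detectEnv() {
  let nodeCrypto = null;
  if (typeof require === 'function') {
    try { nodeCrypto = require('crypto'); } catch (e) { /* e.g. Node built without OpenSSL */ }
  }
  return {
    nodeCrypto,
    webCrypto: typeof globalThis.crypto === 'object' ? globalThis.crypto : null,
    isBrowser: typeof window !== 'undefined',
  };
}

// Return { source, bytes(n) }. Math.random is reachable only in a browser
// and only when the caller explicitly passes { allowUnsafe: true }.
function selectRng(options = {}, env = detectEnv()) {
  const { nodeCrypto, webCrypto, isBrowser } = env;
  if (nodeCrypto && typeof nodeCrypto.randomBytes === 'function') {
    return { source: 'node-crypto', bytes: (n) => Uint8Array.from(nodeCrypto.randomBytes(n)) };
  }
  if (webCrypto && typeof webCrypto.getRandomValues === 'function') {
    return { source: 'web-crypto', bytes: (n) => webCrypto.getRandomValues(new Uint8Array(n)) };
  }
  if (isBrowser && options.allowUnsafe === true) {
    const weak = (n) => Uint8Array.from({ length: n }, () => Math.floor(Math.random() * 256));
    return { source: 'math-random', bytes: weak };
  }
  // Fail closed: no silent downgrade to a predictable generator.
  throw new Error('No secure random source available; refusing to generate UUIDs');
}

// Format 16 random bytes as an RFC 4122 version 4 UUID.
function uuidV4(rng) {
  const b = rng.bytes(16);
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant 10xx
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16), hex.slice(16, 20), hex.slice(20)].join('-');
}
```

Returning `source` alongside the byte function lets a caller log or assert which generator was selected, so a downgrade shows up at startup rather than in the generated identifiers.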