Insecure Default RandomSecret() Generator #3
Comments
|
I had an issue with the seed in the random string generator. I ended up with this:
|
feat: add User Repository Update method
I think as @xlzd already noted, So, maybe in your project you can use your own implementation of RandomSecret function which uses more secure random number generator. Maybe we need to add in documentation, to not use RandomSecret, but implement their own with seeding of rand during program startup. |
This project should use It's very easy to use. For example, https://pkg.go.dev/crypto/rand#example-Read :

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
)

func main() {
	c := 10
	b := make([]byte, c)
	_, err := rand.Read(b)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	// The slice should now contain random bytes instead of only zeroes.
	fmt.Println(bytes.Equal(b, make([]byte, c)))
}
```
|
@ghost this is not much better. Better to use |
Unsafe RNG is a very serious vulnerability in this OTP library and should be rectified asap. |
My apologies, skipped crypto/rand. Will review your pull request shortly. |
No problem! |
Commented here: #12 (comment) The constrained search space (base32) and very short (16 byte) sample size should be considered another vulnerability. |
By the way, thanks @mergenchik for having another look at this issue from @johncave. |
We need to check with the RFCs: HOTP RFC 4226 and TOTP RFC 6238. I will try to check if I get some time. |
I checked the documentation; there are no constraints on secret size. Future comments on secret size will be in #13. |
switched from |
The shared secret must be at least 128 bits but RFC 4226 recommends a shared secret length of at least 160 bits. |
Most other OTP packages (and other crypto packages like golang.org/x/crypto/nacl/box) utilize [32]byte for secrets. |
Using 128 bits in 2022 is a tiny bit anachronistic. ;) Is there a practical reason why you can't spare 16 additional bytes for the secret? |
Hi @codewinch, let's move this discussion to #13 if you do not mind. |
Using the current time as a random seed opens the library up to timing attacks if the time that the user enabled OTP can be guessed. Worse, some sites may record this as a matter of courtesy, for example to display "You have had OTP enabled since October 2018".
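Added example, not part of the thread or the library's own code: the contrast the issue describes, with a clock-seeded `math/rand` generator beside a `crypto/rand` one that emits a 160-bit base32 secret. `WeakSecret`, `SecureSecret` and the timestamp are hypothetical names and constructed values; `WeakSecret` is a stand-in for the reported pattern, not a copy of `RandomSecret()`.

```go
package main

import (
	crand "crypto/rand"
	"encoding/base32"
	"fmt"
	mrand "math/rand"
)

// secretBytes is 20 bytes = 160 bits, the length RFC 4226 recommends.
const secretBytes = 20

// Unpadded base32, the usual text form for OTP shared secrets.
var b32 = base32.StdEncoding.WithPadding(base32.NoPadding)

// WeakSecret (hypothetical) stands in for a generator seeded from the clock.
// Its output is a pure function of the seed, so the secret carries no more
// entropy than the uncertainty about when it was created.
func WeakSecret(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	buf := make([]byte, n)
	for i := range buf {
		buf[i] = byte(r.Intn(256))
	}
	return b32.EncodeToString(buf)
}

// SecureSecret (hypothetical) reads n bytes from the OS CSPRNG and fails
// closed: it never returns a secret if the read failed or n is under 128 bits.
func SecureSecret(n int) (string, error) {
	if n < 16 {
		return "", fmt.Errorf("secret of %d bytes is below the 128-bit minimum", n)
	}
	buf := make([]byte, n)
	if _, err := crand.Read(buf); err != nil {
		return "", fmt.Errorf("crypto/rand: %w", err)
	}
	return b32.EncodeToString(buf), nil
}

func main() {
	const enrolledAt = int64(1538352000) // constructed value: 2018-10-01 00:00:00 UTC
	fmt.Println("clock-seeded, run 1:", WeakSecret(enrolledAt, secretBytes))
	fmt.Println("clock-seeded, run 2:", WeakSecret(enrolledAt, secretBytes))
	s, err := SecureSecret(secretBytes)
	fmt.Println("crypto/rand:", s, err)
}
```

The two clock-seeded lines print the same secret on every run, while the `crypto/rand` line differs each time.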