Math.random() is not cryptographically secure #73

Open
gen0cide opened this issue Dec 29, 2020 · 0 comments

@gen0cide

function getRandomInt(min, max) {

This function is used to generate unique UIDs throughout the SAML library. Given that SAML deals with authentication, it seems like poor practice to not generate random UIDs in a cryptographically secure manner.

Reference: https://nodejs.org/api/crypto.html#crypto_crypto_randomint_min_max_callback
Guidance: https://gist.github.com/joepie91/7105003c3b26e65efcea63f3db82dfba
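
A replacement along the lines of the Node.js reference linked in the issue, added here as an example and not code from this project. `getRandomInt` keeps the name quoted in the issue; its inclusive bounds, the `rejectionSample` fallback for Node versions without `crypto.randomInt`, and the `newSamlId` helper are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const SPACE = 2 ** 48; // crypto.randomInt only supports ranges below 2^48

// Uniform integer in [min, max]. Inclusive bounds are an assumption here,
// since the body of the library's function is not shown in the issue.
function getRandomInt(min, max) {
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max) || min > max) {
    throw new RangeError('min and max must be safe integers with min <= max');
  }
  const range = max - min + 1;
  if (range >= SPACE) {
    throw new RangeError('range must be smaller than 2^48');
  }
  if (typeof crypto.randomInt === 'function') {
    // crypto.randomInt(n) returns a CSPRNG-backed integer in [0, n).
    return min + crypto.randomInt(range);
  }
  return min + rejectionSample(range);
}

// Hypothetical fallback: draw 48 bits from the CSPRNG and discard values in
// the incomplete top bucket, so that "x % range" carries no modulo bias.
function rejectionSample(range) {
  const limit = SPACE - (SPACE % range);
  let x;
  do {
    x = crypto.randomBytes(6).readUIntBE(0, 6);
  } while (x >= limit);
  return x % range;
}

// Hypothetical ID helper: 160 random bits, hex encoded. SAML IDs are xs:ID
// values, which cannot start with a digit, hence the "_" prefix.
function newSamlId() {
  return '_' + crypto.randomBytes(20).toString('hex');
}

module.exports = { getRandomInt, rejectionSample, newSamlId };
```
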
