Comments (5)
This repository provides just the latest version as a modularized port of https://code.google.com/p/crypto-js/ project.
You should report this issue directly to this project.
The project owner is Jeff.Mott.OR, I also found a github user @Jeff-Mott-OR, but I'm not sure whether he is the same guy. But 6 months ago he did some activity on his repository CryptoJS, but this repository doesn't exists anymore.
from crypto-js.
@daviddahl you can implement more sophisticated entropy, randomized seeds. Javascript wasn't designed for cryptography, so you'd have to implement a stronger generator. For instance, try seeding a curve-based generator and re-seed it per round, then fallback, switch to another generator, etc. it gets better with more entropy.
Here's a custom generator using Donald Knuth's linear congruential pseudo-random number generator (described in Art of Computer Programming - Volume 2: Seminumerical Algorithms, section 3.2.1):
random: function (nBytes) {
var words = [];
var r = (function (m_w) {
var m_w = m_w;
var m_z = 0x3ade68b1;
var mask = 0xffffffff;
return function () {
m_z = (0x9069 * (m_z & 0xFFFF) + (m_z >> 0x10)) & mask;
m_w = (0x4650 * (m_w & 0xFFFF) + (m_w >> 0x10)) & mask;
var result = ((m_z << 0x10) + m_w) & mask;
result /= 0x100000000;
result += 0.5;
return result * (Math.random() > .5 ? 1 : -1);
}
});
for (var i = 0, rcache; i < nBytes; i += 4) {
var _r = r((rcache || Math.random()) * 0x100000000);
rcache = _r() * 0x3ade67b7;
words.push((_r() * 0x100000000) | 0);
}
return new WordArray.init(words, nBytes);
}
I added the rcache
to seed the next round independently from the current round, it's still predictable if you control all parameters and have physical access to the engines' own seed. AFAIK in Chrome a new seed is generated each time a window is opened; this is different in ES6, where a new seed is generated per call. Needs reference
from crypto-js.
Please create a pull request with your fix on the develop
branch.
Is there somebody up to review it?
from crypto-js.
Done in 3.2.1-4, special thanks to @KenanSulayman
from crypto-js.
@KenanSulayman
Is 'ryptoJS.lib.WordArray.random' as secure as using browsers built in 'window.crypto.getRandomValues' function?
from crypto-js.
Related Issues (20)
- After upgrading from CryptoJS v4.0.0 to v4.2.0 HOT 2
- Insufficient Default Key Length in PBKDF2 Violates NIST Guidelines HOT 1
- Equivalent crypto-js implementation in web crypto APIs (to migrate after deprecation) HOT 1
- Production build crashes on Next v14.0.2. HOT 4
- After upgrading from CryptoJS v4.1.1 to v4.2.0 UTF-8 malformed exception when attempting to decrypt text HOT 2
- CryptoJS.PBKDF2 v4.1.x v4.2.x return values are inconsistent HOT 3
- Weakness In Crypto-Js PBKDF2 HOT 1
- Wrong result with migration from Crypto.AES.encrypt into node:crypto
- DataCrypt.js 解密微信步数的怎么没有了?是哪个啊
- Encryption in PHP and Decrypt in JS HOT 3
- Issue with AES.decrypt.
- (❗️❗️❗️已经不维护了)It is no longer maintained, so there is no need to raise issues 😂 HOT 1
- What does the SHA256 Function do with "non valid input"
- If the length of iv is less than 16, how does 'crypto-js' pad it (make the iv length expanded to the length of 16) HOT 1
- OH! Discontinued HOT 2
- Cannot read properties of undefined (reading 'AES') in typescript HOT 1
- Crypto-JS Critical Bug
- How can i decrypt string from mssql's aes encryption function?
- reduce size
- For super large ArrayBuffer, encryption will report RangeError: Invalid array length
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crypto-js.