From 1be1047a9454eae4332b501ea188b1cbe6d84e4f Mon Sep 17 00:00:00 2001 From: El RIDO Date: Wed, 1 Aug 2018 21:56:23 +0200 Subject: [PATCH] while we do start the collection of randomness even before initializing our logic, raising the 'paranoia' parameter to 10 ensures that in legacy browsers not yet supporting the webcrypto API we would get an exception, instead of a weak key --- js/privatebin.js | 2 +- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index ffb732f1..27014236 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -640,7 +640,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) { */ me.getSymmetricKey = function() { - return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0); + return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0); }; return me; diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 28b2641c..12e34336 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -75,7 +75,7 @@ if ($MARKDOWN): - + diff --git a/tpl/page.php b/tpl/page.php index 9a4a33c1..b5aeeabd 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -53,7 +53,7 @@ if ($MARKDOWN): - +