Commit 1709de0e authored by Sietse Ringers's avatar Sietse Ringers

Use CSPRNG for session tokens

parent 0371834a
package servercore
import (
"math/rand"
"crypto/rand"
"sync"
"time"
......@@ -63,10 +63,6 @@ var (
maxProtocolVersion = irma.NewVersion(2, 4)
)
func init() {
rand.Seed(time.Now().UnixNano())
}
func (s *memorySessionStore) get(t string) *session {
s.RLock()
defer s.RUnlock()
......@@ -174,9 +170,17 @@ func (s *Server) newSession(action irma.Action, request irma.RequestorRequest) *
}
func newSessionToken() string {
b := make([]byte, 20)
count := 20
r := make([]byte, count)
_, err := rand.Read(r)
if err != nil {
panic(err)
}
b := make([]byte, count)
for i := range b {
b[i] = sessionChars[rand.Int63()%int64(len(sessionChars))]
b[i] = sessionChars[r[i]%byte(len(sessionChars))]
}
return string(b)
}
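Review bot: The new index expression `r[i]%byte(len(sessionChars))` in newSessionToken is only uniform when the alphabet length divides 256. sessionChars is defined outside this page, so its length is an assumption here, but with a 62-character alphabet the first 256 % 62 = 8 characters would come up slightly more often than the rest, and `byte(len(sessionChars))` would silently truncate a length above 255. The entropy loss per character is small, but a token generator should be exactly uniform. I would discard bytes at or above the largest multiple of the alphabet length and redraw, as sketched below (this assumes 0 < len(sessionChars) <= 256). Panicking when `rand.Read` fails is kept, since failing closed is preferable to falling back to a weaker source; a short comment saying so would help the next reader.

```go
func newSessionToken() string {
	const count = 20
	n := len(sessionChars)
	// Largest multiple of n that fits in a byte; bytes at or above it are
	// rejected so that every character is equally likely.
	limit := 256 - 256%n
	b := make([]byte, 0, count)
	buf := make([]byte, count)
	for len(b) < count {
		// Fail closed: never fall back to a non-cryptographic source.
		if _, err := rand.Read(buf); err != nil {
			panic(err)
		}
		for _, v := range buf {
			if int(v) < limit && len(b) < count {
				b = append(b, sessionChars[int(v)%n])
			}
		}
	}
	return string(b)
}
```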