From 73149dd1257d6e2efac6b276ba6f05b46c61170c Mon Sep 17 00:00:00 2001
From: Ryan Rogers
Date: Tue, 24 Oct 2017 10:01:38 -0700
Subject: [PATCH] Use arc4random_uniform() to avoid modulo bias. (#669)

Avoid a possible modulo bias in randomCharacter by using arc4random_uniform().
---
 MacPass/NSString+MPPasswordCreation.m | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/MacPass/NSString+MPPasswordCreation.m b/MacPass/NSString+MPPasswordCreation.m
index f496d363..c5782100 100644
--- a/MacPass/NSString+MPPasswordCreation.m
+++ b/MacPass/NSString+MPPasswordCreation.m
@@ -112,10 +112,7 @@ static NSString *mergeWithoutDuplicates(NSString* baseCharacters, NSString* cust
 if(self.length == 0) {
 return nil;
 }
- NSData *data = [NSData kpk_dataWithRandomBytes:sizeof(NSUInteger)];
- NSUInteger randomIndex;
- [data getBytes:&randomIndex length:data.length];
- return [self composedCharacterAtIndex:(randomIndex % self.composedCharacterLength)];
+ return [self composedCharacterAtIndex:arc4random_uniform((int)[self length])];
 }
 - (CGFloat)entropyWhithPossibleCharacterSet:(MPPasswordCharacterFlags)allowedCharacters orCustomCharacters:(NSString *)customCharacters {
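Review bot: The bound passed to `arc4random_uniform()` on the added line is `[self length]`, but the removed line reduced the index modulo `self.composedCharacterLength`, so the two no longer agree for strings containing surrogate pairs or combining sequences. For such a custom character set the index can exceed the number of composed characters; depending on how `composedCharacterAtIndex:` treats that (not visible here), the result may be nil or a skewed pick, which is the bias this commit set out to remove. I would keep the original bound and use the function's own parameter type: `return [self composedCharacterAtIndex:arc4random_uniform((uint32_t)self.composedCharacterLength)];`. The method's signature lies above the hunk, so this reading rests on the removed lines only.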