nikdoof/MacPass
1
1
Fork 0
mirror of https://github.com/MacPass/MacPass.git synced 2025-12-14 08:12:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use arc4random_uniform() to avoid modulo bias. (#669)

Browse Source 
Avoid a possible modulo bias in randomCharacter by using arc4random_uniform().
This commit is contained in:
Ryan Rogers
2017-10-24 10:01:38 -07:00
committed by Michael Starke
parent 0161435418
commit 73149dd125
1 changed files with 1 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
MacPass/NSString+MPPasswordCreation.m
View File

@@ -112,10 +112,7 @@ static NSString *mergeWithoutDuplicates(NSString* baseCharacters, NSString* cust
if(self.length == 0) { if(self.length == 0) {
return nil; return nil;
} }
NSData *data = [NSData kpk_dataWithRandomBytes:sizeof(NSUInteger)]; return [self composedCharacterAtIndex:arc4random_uniform((int)[self length])];
NSUInteger randomIndex;
[data getBytes:&randomIndex length:data.length];
return [self composedCharacterAtIndex:(randomIndex % self.composedCharacterLength)];
} }
- (CGFloat)entropyWhithPossibleCharacterSet:(MPPasswordCharacterFlags)allowedCharacters orCustomCharacters:(NSString *)customCharacters { - (CGFloat)entropyWhithPossibleCharacterSet:(MPPasswordCharacterFlags)allowedCharacters orCustomCharacters:(NSString *)customCharacters {