while we do start the collection of randomness even before initializing our logic, raising the 'paranoia' parameter to 10 ensures that in legacy browsers not yet supporting the webcrypto API we would get an exception, instead of a weak key

This commit is contained in:
El RIDO 2018-08-01 21:56:23 +02:00
parent a5e8eeaaf9
commit 1be1047a94
No known key found for this signature in database
GPG key ID: 0F5C940A6BD81F92
3 changed files with 3 additions and 3 deletions

View file

@ -640,7 +640,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
*/ */
me.getSymmetricKey = function() me.getSymmetricKey = function()
{ {
return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0); return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0);
}; };
return me; return me;

View file

@ -75,7 +75,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-C/vlB/eumPPeHhG1yef+INPYUqgFX2wZqKEXTdexDscnUfhXQZxQBvmrURPAgMhElJqlk9Tfn+jILk0d2Ds1DQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PEu5amE2sP02bgpzUExfuqPJEXUml1DiVlulUAH1SH4pBx4AQoWFNTwmsG08hhE0QDlZt+mkDDhgrJ6rVRunmQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

View file

@ -53,7 +53,7 @@ if ($MARKDOWN):
<?php <?php
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-C/vlB/eumPPeHhG1yef+INPYUqgFX2wZqKEXTdexDscnUfhXQZxQBvmrURPAgMhElJqlk9Tfn+jILk0d2Ds1DQ==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PEu5amE2sP02bgpzUExfuqPJEXUml1DiVlulUAH1SH4pBx4AQoWFNTwmsG08hhE0QDlZt+mkDDhgrJ6rVRunmQ==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->