From fc1b825f46251e65b009ff96e4ef95d63a11e67d Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Sat, 15 Oct 2016 01:18:12 -0400
Subject: [PATCH] cryptographically secure RNG for password generator
---
 src/App/Services/PasswordGenerationService.cs | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/App/Services/PasswordGenerationService.cs b/src/App/Services/PasswordGenerationService.cs
index 667f13ad0..3e833ba7c 100644
--- a/src/App/Services/PasswordGenerationService.cs
+++ b/src/App/Services/PasswordGenerationService.cs
@@ -4,13 +4,13 @@ using System.Linq;
 using System.Text;
 using Bit.App.Abstractions;
 using Plugin.Settings.Abstractions;
+using PCLCrypto;
 namespace Bit.App.Services
 {
 public class PasswordGenerationService : IPasswordGenerationService
 {
 private readonly ISettings _settings;
- private Random _random = new Random();
 public PasswordGenerationService(ISettings settings)
 {
@@ -104,7 +104,7 @@ namespace Bit.App.Services
 }
 // Shuffle
- var positions = positionsBuilder.ToString().ToCharArray().OrderBy(a => _random.Next()).ToArray();
+ var positions = positionsBuilder.ToString().ToCharArray().OrderBy(a => Next(int.MaxValue)).ToArray();
 // Build out other character sets
 var allCharSet = string.Empty;
@@ -168,11 +168,21 @@ namespace Bit.App.Services
 break;
 }
- var randomCharIndex = _random.Next(0, positionChars.Length - 1);
+ var randomCharIndex = Next(positionChars.Length - 1);
 password.Append(positionChars[randomCharIndex]);
 }
 return password.ToString();
 }
+
+ private int Next(int maxValue)
+ {
+ if(maxValue == 0)
+ {
+ return 0;
+ }
+
+ return (int)(WinRTCrypto.CryptographicBuffer.GenerateRandomNumber() % maxValue);
+ }
 }
 }
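Review bot: The last character of every set still can never be picked at `Next(positionChars.Length - 1)`, because the new helper's `% maxValue` makes the bound exclusive just as the old `Random.Next(min, max)` did; the call should pass `positionChars.Length`. The helper also reduces a single draw with a plain modulo, which slightly favours low results whenever `maxValue` does not divide the generator's range (assuming `GenerateRandomNumber()` returns a 32-bit unsigned value, as in the WinRT API it mirrors). The same helper supplies the sort keys in the shuffle hunk, `OrderBy(a => Next(int.MaxValue))`. The fence below sketches a rejection loop that removes the bias and treats non-positive bounds explicitly. The generating method starts outside this hunk, so whether an empty `positionChars` can reach the indexer is not visible here.

```csharp
var randomCharIndex = Next(positionChars.Length);
// … unchanged: password.Append(...), end of loop, return password.ToString() …

private int Next(int maxValue)
{
    if(maxValue <= 0)
    {
        return 0;
    }

    // Discard draws from the incomplete top range so every index is equally likely.
    var bound = (uint)maxValue;
    var limit = uint.MaxValue - (uint.MaxValue % bound);
    uint draw;
    do
    {
        draw = WinRTCrypto.CryptographicBuffer.GenerateRandomNumber();
    }
    while(draw >= limit);

    return (int)(draw % bound);
}
```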