while we do start the collection of randomness even before initializing our logic, raising the 'paranoia' parameter to 10 ensures that in legacy browsers not yet supporting the webcrypto API we would get an exception, instead of a weak key

2018-08-01 21:56:23 +02:00
parent a5e8eeaaf9
commit 1be1047a94
3 changed files with 3 additions and 3 deletions
--- a/js/privatebin.js
+++ b/js/privatebin.js
@@ -640,7 +640,7 @@ jQuery.PrivateBin = (function($, sjcl, Base64, RawDeflate) {
         */
        me.getSymmetricKey = function()
        {
-            return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 0), 0);
+            return sjcl.codec.base64.fromBits(sjcl.random.randomWords(8, 10), 0);
        };

        return me;
--- a/tpl/bootstrap.php
+++ b/tpl/bootstrap.php
@@ -75,7 +75,7 @@ if ($MARKDOWN):
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-C/vlB/eumPPeHhG1yef+INPYUqgFX2wZqKEXTdexDscnUfhXQZxQBvmrURPAgMhElJqlk9Tfn+jILk0d2Ds1DQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PEu5amE2sP02bgpzUExfuqPJEXUml1DiVlulUAH1SH4pBx4AQoWFNTwmsG08hhE0QDlZt+mkDDhgrJ6rVRunmQ==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->
--- a/tpl/page.php
+++ b/tpl/page.php
@@ -53,7 +53,7 @@ if ($MARKDOWN):
 <?php
 endif;
 ?>
-		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-C/vlB/eumPPeHhG1yef+INPYUqgFX2wZqKEXTdexDscnUfhXQZxQBvmrURPAgMhElJqlk9Tfn+jILk0d2Ds1DQ==" crossorigin="anonymous"></script>
+		<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-PEu5amE2sP02bgpzUExfuqPJEXUml1DiVlulUAH1SH4pBx4AQoWFNTwmsG08hhE0QDlZt+mkDDhgrJ6rVRunmQ==" crossorigin="anonymous"></script>
 		<!--[if lt IE 10]>
 		<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
 		<![endif]-->