Skip to content

Commit

Permalink
Use SecureRandom rather than OpenSSL::Random
Browse files Browse the repository at this point in the history 
SecureRandom uses OpenSSL::Random under the hood anyway but
is apparently a more secure:
https://bugs.ruby-lang.org/issues/4579
  • Loading branch information
@sbc100
sbc100 committed Apr 21, 2016
1 parent c73784e commit daaaa11
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/rotp.rb
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
require 'cgi'
require 'uri'
require 'openssl'
require 'securerandom'
require 'rotp/base32'
require 'rotp/otp'
require 'rotp/hotp'
Expand Down
2 changes: 1 addition & 1 deletion lib/rotp/base32.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ def decode(str)

def random_base32(length=16)
b32 = String.new
OpenSSL::Random.random_bytes(length).each_byte do |b|
SecureRandom.random_bytes(length).each_byte do |b|
b32 << CHARS[b % 32]
end
b32
Expand Down

0 comments on commit daaaa11

Please sign in to comment.