From 798af6f5be96266dd99a4a83e77d80a757df7caa Mon Sep 17 00:00:00 2001 From: Uri Gorelik Date: Sat, 6 Oct 2018 00:09:44 -0400 Subject: [PATCH] BREAKING CHANGE: Removed Math.random rng fallback --- lib/rng-browser.js | 15 ++------------- test/test.js | 11 ++--------- v1.js | 2 +- 3 files changed, 5 insertions(+), 23 deletions(-) diff --git a/lib/rng-browser.js b/lib/rng-browser.js index 6361fb81..63d15077 100644 --- a/lib/rng-browser.js +++ b/lib/rng-browser.js @@ -17,18 +17,7 @@ if (getRandomValues) { return rnds8; }; } else { - // Math.random()-based (RNG) - // - // If all else fails, use Math.random(). It's fast, but is of unspecified - // quality. - var rnds = new Array(16); - - module.exports = function mathRNG() { - for (var i = 0, r; i < 16; i++) { - if ((i & 0x03) === 0) r = Math.random() * 0x100000000; - rnds[i] = r >>> ((i & 0x03) << 3) & 0xff; - } - - return rnds; + module.exports = function noSecureRNG() { + throw Error('uuid: No secure RNG available. See https://github.com/kelektiv/node-uuid/wiki#no-good-rng-error for more info.'); }; } diff --git a/test/test.js b/test/test.js index d15df3e7..82e1fb30 100644 --- a/test/test.js +++ b/test/test.js @@ -60,16 +60,9 @@ test('nodeRNG', function() { } }); -test('mathRNG', function() { +test('noSecureRNG', function() { var rng = require('../lib/rng-browser'); - assert.equal(rng.name, 'mathRNG'); - - var bytes = rng(); - assert.equal(bytes.length, 16); - - for (var i = 0; i < bytes.length; i++) { - assert.equal(typeof(bytes[i]), 'number'); - } + assert.throws(rng, Error) }); test('cryptoRNG', function() { diff --git a/v1.js b/v1.js index d84c0f45..e309b019 100644 --- a/v1.js +++ b/v1.js @@ -26,7 +26,7 @@ function v1(options, buf, offset) { // specified. We do this lazily to minimize issues related to insufficient // system entropy. See #189 if (node == null || clockseq == null) { - var seedBytes = rng(); + var seedBytes = (options.rng || rng)(); if (node == null) { // Per 4.5, create and 48-bit node id, (47 random bits + multicast bit = 1) node = _nodeId = [