Metadata
- Source: SJRK-185
- Type: Improvement
- Priority: Minor
- Status: Closed
- Resolution: Fixed
- Assignee: N/A
- Reporter: Gregor Moss
- Created: 2019-01-17T23:18:43.202-0500
- Updated: 2020-11-12T15:16:06.317-0500
- Versions: N/A
- Fixed Versions: N/A
- Component: Storytelling Tool Server
Description
The IDs generated by the server for saved stories and files (images, sounds, videos) are possibly predictable and not cryptographically secure. These IDs are generated using the "uuid" package from NPM, which itself has an issue filed regarding the automatic and silent fallback from a cryptographically secure pseudorandom number generator to Math.random():
https://github.com/kelektiv/node-uuid/issues/173
More potentially useful info here:
https://security.stackexchange.com/questions/84906/predicting-math-random-numbers
Review any possible seed values being fed into the uuid code or explore alternatives.
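
One alternative, as an added example (not code from the Storytelling Tool or from the "uuid" package): generate version 4 UUIDs directly from Node's built-in `crypto.randomBytes` and throw if the CSPRNG is unavailable, so there is no silent fallback to Math.random(). The names `secureStoryId`, `isValidStoryId` and the injectable `rng` parameter are hypothetical; `rng` exists only so the failure path can be exercised.

```javascript
// Added example: fail-closed v4 UUID generation for story and file IDs.
const { randomBytes } = require('crypto');

// Hypothetical helper. `rng` defaults to Node's CSPRNG and is injectable
// only so that tests can simulate a broken or missing random source.
function secureStoryId(rng = randomBytes) {
  let raw;
  try {
    raw = rng(16);
  } catch (err) {
    // Fail closed: an error here must stop ID creation, not trigger
    // a weaker generator such as Math.random().
    throw new Error('CSPRNG unavailable, refusing to generate ID: ' + err.message);
  }
  if (!Buffer.isBuffer(raw) || raw.length !== 16) {
    throw new Error('CSPRNG returned unexpected output, refusing to generate ID');
  }

  // Work on a copy so the caller's buffer is never modified.
  const bytes = Buffer.from(raw);
  bytes[6] = (bytes[6] & 0x0f) | 0x40; // version field = 4 (random)
  bytes[8] = (bytes[8] & 0x3f) | 0x80; // variant field = RFC 4122

  const hex = bytes.toString('hex');
  return [
    hex.slice(0, 8),
    hex.slice(8, 12),
    hex.slice(12, 16),
    hex.slice(16, 20),
    hex.slice(20),
  ].join('-');
}

// Lowercase v4 UUID, as produced by secureStoryId().
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/;

// Shape check only: it confirms the format, not how the ID was generated.
function isValidStoryId(id) {
  return typeof id === 'string' && UUID_V4.test(id);
}
```

Each ID carries 122 random bits; the remaining 6 bits are the fixed version and variant fields.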