
Commit 8312559

authored
refactor(auth): enhance randomJitter function for cryptographic security (#1295)
1 parent dcbc2ee commit 8312559


1 file changed

+5
-2
lines changed


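--- a/src/utils/internal/auth.ts
+++ b/src/utils/internal/auth.ts
@@ -21,9 +21,12 @@ export function timingSafeEqual(a: string, b: string): boolean {
 }
 
 /**
-* Add random delay (0-100ms) to prevent timing-based credential inference.
+* Add random delay (0-99ms) to prevent timing-based credential inference.
 */
 export function randomJitter(): Promise<void> {
-const jitter = Math.floor(Math.random() * 100);
+const randomBuffer = new Uint32Array(1);
+crypto.getRandomValues(randomBuffer);
+const jitter = randomBuffer[0] % 100;
+
 return new Promise((resolve) => setTimeout(resolve, jitter));
 }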
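Review bot: The doc comment on `randomJitter` still says the delay will "prevent" timing-based credential inference, which overstates what a uniform 0-99ms delay provides: it adds noise that can be averaged out over repeated requests, so the constant-time comparison in `timingSafeEqual` (only its closing brace is visible at the top of the hunk) has to remain the actual control. I would reword the comment to something like `* Add a random 0-99ms delay as defense-in-depth noise; it does not replace constant-time comparison.` Separately, `crypto.getRandomValues` relies on a global `crypto` and no import is visible in the hunk, so it is worth confirming that every runtime this module supports exposes the Web Crypto global by default. If the project compiles with `noUncheckedIndexedAccess`, `randomBuffer[0] % 100` will also need a fallback such as `(randomBuffer[0] ?? 0) % 100`. The modulo bias from `% 100` on a 32-bit value is negligible for a delay and needs no change.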
