This repository was archived by the owner on Jan 26, 2022. It is now read-only.
This repository was archived by the owner on Jan 26, 2022. It is now read-only.
RNG documentation #1
Description
Hello,
Could it be possible to add to the documentation the sources used for your RandomByte function on every support (mobile app, cli, browser extension, ...).
As some websites permit to know when a user registered (you know like "member since 01/04/2018 17:04"), if the bitwarden password generator uses a clock based PRNG, an adversary could crack the password of the users who relied on this password generator.
I see that you use some CSPRNG library like WinRTCrypto. But I think it's important to easily permit (through the documentation) people to know how secure are the PRNG involved.
Also, when a CSPRNG library has vulnerabilities discovered, it could be easier to know if bitwarden is affected or not.
Thanks