This code:
mantissa/xmantissa/signup.py
Line 228 in 53e5502
This should just use urandom. As it stands, I think an attacker can obtain one of these tokens and reverse it to get the state of the random.random() generator, then brute-force somebody else's token with a relatively tiny number of attempts.
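The concern raised in the issue, shown as an added example (not code from the Mantissa repository; line 228 of `signup.py` is not reproduced on this page). `weak_token` is a hypothetical stand-in for a token derived from `random.random()`, and the 128-bit token size and all function names are assumptions.

```python
import hmac
import random
import secrets

TOKEN_BYTES = 16  # assumed token size (128 bits); the issue does not state one


def weak_token(rng: random.Random) -> str:
    """Hypothetical stand-in for the pattern the issue describes:
    a token drawn from Python's Mersenne Twister via random()."""
    return str(int(rng.random() * 10**16))


def strong_token() -> str:
    """Token from the OS CSPRNG (secrets reads os.urandom underneath)."""
    return secrets.token_hex(TOKEN_BYTES)


def token_matches(presented: str, stored: str) -> bool:
    """Constant-time comparison, so the check leaks no timing about a partial match."""
    return hmac.compare_digest(presented.encode(), stored.encode())


def next_token_is_determined_by_state() -> bool:
    """The Mersenne Twister's output is a pure function of its internal state:
    any copy of that state yields the same 'secret' token."""
    issuer = random.Random()
    snapshot = issuer.getstate()
    issued = weak_token(issuer)
    clone = random.Random()
    clone.setstate(snapshot)
    return weak_token(clone) == issued


def system_random_has_no_state() -> bool:
    """random.SystemRandom keeps the random() API but is backed by os.urandom,
    so there is no generator state to capture or restore."""
    try:
        random.SystemRandom().getstate()
    except NotImplementedError:
        return True
    return False
```

Where the calling code must keep the `random()` interface, `random.SystemRandom()` can be passed to it unchanged; otherwise `secrets.token_hex` or `os.urandom` is the direct replacement.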