Issue #3 new
created an issue

On lines 190, 197, 266 and 316, Math.random() is used for generating parts of the password. This is completely insecure, results in very predictable outputs, and should never be used for something as security-sensitive as generating passwords. Instead, window.crypto.getRandomValues() and an algorithm like the one used in arc4random_uniform() should be used to generate secure random numbers within a given range.

Comments (1)

  1. Log in to comment