yesod-auth-oauth2

mirror of https://github.com/freckle/yesod-auth-oauth2.git synced 2026-01-28 11:50:24 +01:00

History

patrick brisbin cd3875b797 Strengthen random state token generation Previously: - System.Random, which seeds from system time (possible attack) - 30 characters, a-z (low entropy) Now: - Crypto.Random, accepted as "cryptographically secure" - 64 random bytes, Base64-encoded cryptonite was already a transitive dependency, so there is really no downside to this. Fixes #132.	2020-08-20 11:38:20 -04:00
..
Auth	Strengthen random state token generation	2020-08-20 11:38:20 -04:00

patrick brisbin cd3875b797 Strengthen random state token generation

Previously:

- System.Random, which seeds from system time (possible attack)
- 30 characters, a-z (low entropy)

Now:

- Crypto.Random, accepted as "cryptographically secure"
- 64 random bytes, Base64-encoded

cryptonite was already a transitive dependency, so there is really no
downside to this.

Fixes #132.

2020-08-20 11:38:20 -04:00

Auth

Strengthen random state token generation

2020-08-20 11:38:20 -04:00