From 372ebdb1ecd33f9e67587534ce26837e15780b21 Mon Sep 17 00:00:00 2001
From: yhori <yhori@MBP13JAQ-A034.local>
Date: Fri, 18 May 2018 14:02:30 +0900
Subject: [PATCH] replace math.random() to crypto.randamBytes() on nodejs

---
 libs/nodejs/auth_core/src/util/Crypto.js | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/libs/nodejs/auth_core/src/util/Crypto.js b/libs/nodejs/auth_core/src/util/Crypto.js
index 5dc52dd82e2..2f2cb702d29 100644
--- a/libs/nodejs/auth_core/src/util/Crypto.js
+++ b/libs/nodejs/auth_core/src/util/Crypto.js
@@ -16,8 +16,7 @@
 var crypto = require('crypto');
 var ybase64 = require('./YBase64');
 
-var SALT_LENGTH = 8;
-var SALT_CHARS = '0123456789abcdef';
+var SALT_BYTES = 4;
 
 class Crypto {
   static hmac(message, sharedSecret) {
@@ -52,12 +51,8 @@ class Crypto {
   }
 
   static randomSalt() {
-    var c, i, salt = '';
-    for (c = 0; c < SALT_LENGTH; c++) {
-      i = Math.floor(Math.random() * SALT_CHARS.length);
-      salt += SALT_CHARS.charAt(i);
-    }
-    return salt;
+    var salt = crypto.randomBytes(SALT_BYTES);
+    return salt.toString('hex');
   }
 }