fix: use crypto/rand for OTP generation by lakhansamani · Pull Request #489 · authorizerdev/authorizer
Merged
fix: use crypto/rand for OTP generation #489
lakhansamani merged 3 commits into main
lakhansamani (Contributor) commented Mar 1, 2026
Summary
- Replaced insecure math/rand with crypto/rand for OTP generation
- Removed per-call re-seeding that caused identical OTPs for concurrent calls
Test plan
- Verify OTPs are generated correctly with 6 characters
- Verify concurrent OTP generation produces unique values
Fixes #478
lakhansamani added 3 commits March 1, 2026 11:46
Replaced insecure math/rand with crypto/rand for cryptographically secure OTP generation. The previous implementation was predictable and could produce identical OTPs for concurrent calls. Fixes #478
lakhansamani merged commit 695952e into main
lakhansamani deleted the fix/secure-otp-generation branch
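The pattern this pull request describes, shown as an added example rather than the project's own code: a `math/rand` generator re-seeded on every call next to a `crypto/rand` replacement. The function names, the digit alphabet and the seed value are assumptions made for illustration; only the 6-character length comes from the test plan above.

```go
package main

import (
	crand "crypto/rand"
	"fmt"
	"math/big"
	mrand "math/rand"
)

const otpLen = 6            // length taken from the PR's test plan
const digits = "0123456789" // assumed alphabet; the page does not state it

// weakOTP (hypothetical) reproduces the flawed pattern: a math/rand
// generator seeded on every call. The seed is a parameter so the effect is
// reproducible: two calls that derive the same seed return the same OTP.
func weakOTP(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, otpLen)
	for i := range b {
		b[i] = digits[r.Intn(len(digits))]
	}
	return string(b)
}

// secureOTP (hypothetical) draws each character from the OS CSPRNG.
// crypto/rand.Int returns a uniform value in [0, limit), so there is no
// modulo bias and no seed for the caller to manage.
func secureOTP() (string, error) {
	limit := big.NewInt(int64(len(digits)))
	b := make([]byte, otpLen)
	for i := range b {
		n, err := crand.Int(crand.Reader, limit)
		if err != nil {
			return "", err // fail closed: never fall back to a weak source
		}
		b[i] = digits[n.Int64()]
	}
	return string(b), nil
}

func main() {
	seed := int64(1772365560) // constructed sample seed
	fmt.Println("weak, same seed twice:", weakOTP(seed), weakOTP(seed))
	otp, err := secureOTP()
	if err != nil {
		panic(err)
	}
	fmt.Println("secure:", otp)
}
```

With only 10^6 possible 6-digit values, two secure OTPs can still coincide by chance, so uniqueness across concurrent calls is probabilistic and attempt limits and expiry remain necessary.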