Created
May 12, 2018 01:59
-
-
Save defuse/6c5d6e857abce50400195ccd006c71ad to your computer and use it in GitHub Desktop.
Insecure code that's visually identical to secure code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let KEY = new Uint8Array(16); | |
| function generate_key() { | |
| let KEY = new Uint8Array(16); | |
| window.crypto.getRandomValues(KEY); | |
| return KEY; | |
| } | |
| KEY = generate_key(); | |
| document.body.innerText = KEY; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I can see two different KEYs. Look closely.