joh/project-bifrost-platform
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(auth): strengthen admin temp-password entropy to 128 bits

Browse source 
generateTempPassword() used randomBytes(4) — 32 bits behind a known
'Bifrost-' prefix — for a directly-usable login password set by the admin
reset action. Brute-forceable. Bump to randomBytes(16) (128 bits) base64url.
Flagged by automated security review.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Arlind 2026-06-17 15:57:14 +02:00
parent 505484124d
commit 29b30b27e6
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/lib/auth.ts
View file

@ -23,9 +23,11 @@ export function verifyPassword(password: string, hash: string): boolean {
}
/** A readable one-time password for admin resets. Give to the user; they
* change it from /account. */
* change it from /account. 16 bytes = 128 bits of entropy from the CSPRNG
* (the 'Bifrost-' prefix is fixed/known, so the randomness must carry the
* full strength on its own). */
export function generateTempPassword(): string {
return 'Bifrost-' + randomBytes(4).toString('hex');
return 'Bifrost-' + randomBytes(16).toString('base64url');
}
// ── Invite tokens ────────────────────────────────────────────────