feat: replace makesalt with a more secure function (MESSENGER-6727)

2026-04-16 06:28:27 +02:00 · 2025-01-07 13:12:10 +01:00
parent 9ece41a0c5
commit b4bc9fa657
1 changed files with 21 additions and 3 deletions
--- a/bwi/SecureStorage/SecureFileStorage.swift
+++ b/bwi/SecureStorage/SecureFileStorage.swift
@@ -17,6 +17,7 @@

 import Foundation
 import MatrixSDK
+import Security


 class SecureFileStorage {
@@ -100,11 +101,28 @@ class SecureFileStorage {
    // MARK: -
    
    private func makeSalt() -> String {
-        let secret = ProcessInfo.processInfo.globallyUniqueString
-        let index = secret.index(secret.startIndex, offsetBy: 32)
-        return String(secret.prefix(upTo: index))
+        return generateSecureRandomString(length: 32)!
    }
    
+    func generateSecureRandomString(length: Int) -> String? {
+        let characters = Array("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+        let charactersCount = characters.count
+        
+        var randomBytes = [UInt8](repeating: 0, count: length)
+        let status = SecRandomCopyBytes(kSecRandomDefault, length, &randomBytes)
+        
+        guard status == errSecSuccess else {
+            MXLog.error("generateSecureRandomString failed")
+            return nil
+        }
+        
+        let randomString = randomBytes.map { byte in
+            String(characters[Int(byte) % charactersCount])
+        }.joined()
+        
+        return randomString
+    }
+
    func update(passphrase: String) throws {
        guard !locked else {
            throw SecureStorageError.locked