createWindowsSeed() insecure
hyperreality opened this issue · 3 comments
hyperreality commented
thedewpoint commented
+1 any idea on how we can secure this?
hyperreality commented
.NET offers CryptGenRandom, but I'm not sure how easy it is to use from PowerShell. Windows users should use Python and its SystemRandom function, which will interface directly with this. Ideally, don't generate a seed on Windows at all, and certainly not using this script.
pRizz commented
You can use this PowerShell command:
$randomBuffer = [byte[]](1..1); $seed = [char[]](1..81); -join($seed | foreach { Do {(new-object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($randomBuffer); $randomChar = [char[]]([char]'A'..[char]'Z' + [char]'9'..[char]'9')[$randomBuffer[0]]} While ($randomChar -eq $null); $randomChar })
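Added example, not part of the thread or of the project's code: a Python sketch of the two approaches mentioned above, `random.SystemRandom` and byte-wise rejection sampling over the same A-Z plus 9 alphabet and 81-character length. The function names are hypothetical, and the acceptance range is widened from 27 to 243 byte values (a generalization of the PowerShell loop) so fewer bytes are discarded while every character stays equally likely.

```python
import os
import random
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"  # A-Z plus '9', as in the command above
SEED_LENGTH = 81                          # length used by the command above
# Largest multiple of 27 that fits in one byte (243): bytes below it map
# evenly onto the alphabet, bytes at or above it are discarded.
LIMIT = 256 - (256 % len(ALPHABET))


def seed_from_system_random(length=SEED_LENGTH):
    """Draw every character from random.SystemRandom (backed by os.urandom)."""
    rng = random.SystemRandom()
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def seed_by_rejection(length=SEED_LENGTH, read_bytes=os.urandom):
    """Rejection sampling over raw CSPRNG bytes.

    read_bytes is injectable only so the logic can be tested with fixed input.
    """
    out = []
    while len(out) < length:
        for b in read_bytes(length):
            if b < LIMIT:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


def modulo_counts():
    """How often each character appears if all 256 byte values are kept and
    reduced with % 27: the first 13 characters get 10 hits, the rest 9."""
    return Counter(ALPHABET[b % len(ALPHABET)] for b in range(256))


def is_valid_seed(seed, length=SEED_LENGTH):
    """Check length and alphabet only; this says nothing about randomness."""
    return len(seed) == length and all(c in ALPHABET for c in seed)


if __name__ == "__main__":
    print(is_valid_seed(seed_by_rejection()))
```

`modulo_counts()` shows why out-of-range bytes are discarded instead of being folded back with a plain `% 27`: 256 is not a multiple of 27, so folding would make A through M slightly more likely than N through 9.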