Added a check to see if proper crypto is available, and a warning if it is not.

Douglas Muth 2015-04-27 20:48:57 -04:00
parent 042b20a101
commit a10b0d36cc
2 changed files with 63 additions and 3 deletions


@ -89,12 +89,23 @@
<div class="results_phrase_key" >Your passphrase is: </div> <div class="results_phrase_key" >Your passphrase is: </div>
<div class="results_phrase_value" ></div> <div class="results_phrase_value" ></div>
</div>
</div> </div>
<div class="alert alert-danger bad_crypto" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
Whoa there! Your browser doesn't have the getRandomValues() function.
This means that dice rolls you make <em>will not be cryptogrpahically secure!</em><br/>
Please try another browser. Otherwise, proceed at your own risk.
</div>
</div> <!--/ row -->
<div class="row"> <div class="row">
<div class="col-md-12"> <div class="col-md-12">
<div class="message" ></div>
<h2 class="dice_num"> <h2 class="dice_num">
Number of Dice to roll: Number of Dice to roll:
</h2> </h2>
@ -166,10 +177,20 @@ By all means, feel free to do so. LastPass is an excellent product and I highly
If, on the other hand, you prefer to be able to actually remember your If, on the other hand, you prefer to be able to actually remember your
passwords, I recommend Diceware or a similar system. passwords, I recommend Diceware or a similar system.
<h3>FAQ: Are these dice roles cryptographically secure?</h3>
Yes, insofar as we're using the getRandomValues() function in Javascript, and you trust that your
browser and computer have not been compromised or otherwise tampered with. Keep in mind that a not-so-theoretical attack
would be for an attacker to compromise the random number generator on your computer so that
anything that is encrypted (or passkeys generated) would be suspectible to less intense cryptoanalysis.
<h3>FAQ: Is the source available?</h3> <h3>FAQ: Is the source available?</h3>
Yep! You can grab a copy at <a href="https://github.com/dmuth/diceware">https://github.com/dmuth/diceware</a> Yep! You can grab a copy at <a href="https://github.com/dmuth/diceware">https://github.com/dmuth/diceware</a>
<h3>Who built this? / Contact</h3> <h3>Who built this? / Contact</h3>
My name is <a href="http://www.dmuth.org/">Douglas Muth</a>, and I am a software engineer in Philadelphia, PA. My name is <a href="http://www.dmuth.org/">Douglas Muth</a>, and I am a software engineer in Philadelphia, PA.
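Review bot: The new FAQ answer to "Are these dice roles cryptographically secure?" opens with an unqualified "Yes", but die_roll() in main.js from this same commit falls back to Math.random() when getRandomValues() is missing, so the answer is wrong for exactly the browsers that are shown the bad_crypto alert. I would qualify it, for example `Yes, provided your browser supports getRandomValues(); if it does not, a warning is shown and the rolls are not cryptographically secure.` The added text is also what users read to make a security decision, so the typos are worth fixing now: `cryptogrpahically` → `cryptographically` in the alert, and `dice roles` → `dice rolls`, `suspectible` → `susceptible`, `cryptoanalysis` → `cryptanalysis` in the FAQ.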

43
main.js

@ -3,14 +3,48 @@
*/ */
(function() { (function() {
/**
* Return true if we have a function that returns cryptographically random
* values. False otherwise.
*/
function i_can_has_good_crypto() {
if (window.crypto && window.crypto.getRandomValues) {
return(true);
}
return(false);
} // End of i_can_has_good_crypto()
/** /**
* Roll a die. * Roll a die.
* *
* @return integer A random number between 1 and 6, inclusive. * @return integer A random number between 1 and 6, inclusive.
*/ */
function die_roll() { function die_roll() {
return(Math.floor(Math.random() * 6) + 1);
} var retval;
if (i_can_has_good_crypto()) {
var a = new Uint32Array(1);
window.crypto.getRandomValues(a);
retval = (a[0] % 6) + 1;
} else {
//
// Fall back to something way less secure. The user has already
// been warned.
//
retval = Math.floor(Math.random() * 6) + 1;
}
return(retval);
} // End of die_roll()
/** /**
@ -246,6 +280,7 @@ jQuery("#roll_dice").on("click", function(e) {
}); });
// //
// If we're not on a mobile, bring in the GitHub ribbon. // If we're not on a mobile, bring in the GitHub ribbon.
// //
@ -253,6 +288,10 @@ if (!is_mobile()) {
jQuery("#github_ribbon").fadeIn(1000); jQuery("#github_ribbon").fadeIn(1000);
} }
if (!i_can_has_good_crypto()) {
jQuery(".source .bad_crypto").clone().hide().fadeIn(800).appendTo(".message");
}
// //
// Load our wordlist. // Load our wordlist.
// //
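Review bot: In die_roll(), `retval = (a[0] % 6) + 1;` folds a 32-bit value onto six faces with a modulo, and because 2^32 is not a multiple of 6 the faces 1–4 come up very slightly more often than 5 and 6. The skew is tiny (four surplus values out of 2^32), but in a passphrase generator it costs one line to remove with rejection sampling: `do { window.crypto.getRandomValues(a); } while (a[0] >= 4294967292);` ahead of the modulo. Separately, the else branch still returns Math.random() rolls after the warning, so a passphrase produced there looks identical to a secure one; consider disabling `#roll_dice` or labelling the result as insecure in that case. i_can_has_good_crypto() also tests only `window.crypto`, so IE 11, which exposes the same API as `window.msCrypto`, would be routed to the weak fallback even though a CSPRNG is available.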