Closed Bug 1471296 Opened 7 years ago Closed 6 years ago

NSString+Utils's randomAlphanumericStringWithLength should probably never be used

Categories

(Firefox for iOS :: General, enhancement)

Product:
Firefox for iOS
Component:
General
Platform:
All
Unspecified
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INACTIVE
Tracking Flags:
Tracking Status
fxios ? ---

People

(Reporter: tcsc, Unassigned)

Details

I came across https://github.com/mozilla-mobile/firefox-ios/blob/13186294f11b9bfc3279f94d7497ffcf6691a7a8/FxA/FxA/NSString%2BUtils.m by accident, and while it's hardly an issue that actually matters (it's a function nobody should call, and thankfully nobody calls it), it's probably worth deleting. Given that this is in a directory with a bunch of crypto code, someone would be forgiven for thinking this uses cryptographically secure RNG. It does not. It doesn't even use a good non-cryptographically secure RNG (`rand()` is pretty terrible). Anyway, as mentioned, AFAICT nothing calls this so it should just be a matter of deleting it? Hopefully?
tracking-fxios: ?+
Priority: -- → P3
tracking-fxios: +?
Priority: P3 → --

Bug has been migrated to Github. Closing.
To add additional comments please find the bug in Github.

https://github.com/mozilla-mobile/firefox-ios/issues

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.