blob: 44969b343d7f3d7edec2e2d4eee98f6ab6a1fe04 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
import crypto from 'crypto';
/**
* Generate a suitably random value to be used as an attestation or assertion challenge
*/
export default function generateChallenge(): Buffer {
/**
* WebAuthn spec says that 16 bytes is a good minimum:
*
* "In order to prevent replay attacks, the challenges MUST contain enough entropy to make
* guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long."
*
* Just in case, let's double it
*/
return crypto.randomBytes(32);
}
|
