blob: ff54321e046d9746d37fe686ebe203dcbb0a7858 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
import crypto from 'crypto';
/**
* Generate a suitably random value to be used as an attestation or assertion challenge
*/
export function generateChallenge(): Uint8Array {
/**
* WebAuthn spec says that 16 bytes is a good minimum:
*
* "In order to prevent replay attacks, the challenges MUST contain enough entropy to make
* guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long."
*
* Just in case, let's double it
*/
return crypto.randomBytes(32);
}
|
