kevlened / isomorphic-webcrypto

webcrypto library for Node, React Native and IE11+
https://www.w3.org/TR/WebCryptoAPI/
MIT License

doesn't actually detect native modules for ios or android anymore #78

Open earonesty opened 1 year ago

earonesty commented 1 year ago

on android, there's a small change to fix it

on ios, not sure

either way, don't use this because it will keep working, while exporting an insecure polyfill

timothyerwin commented 1 year ago

what is the alternative?

earonesty commented 1 year ago

I'm working on fixing it. I don't think there is an alternative. the best thing to do is to get rid of the code in react_native.ts that does the Math.random stuff... that prevents it from actually being insecure. at least it will raise an error and fail to start the app if you have expo-crypto misconfigured, etc. getting rid of a lot of the detection around expo-crypto and just putting it in the "else" seems to be a better policy on native. I'll put up a PR. actively debugging now. for sure it can't work on android, since the module has been renamed.

earonesty commented 1 year ago

this is what I'm using now: https://github.com/earonesty/isomorphic-webcrypto. it just blows up if expo isn't installed, instead of logging an error that no one will see and then giving you an attackable private key or something
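
The fail-closed behaviour discussed in this thread, as an added example that is not code from isomorphic-webcrypto or either fork: a startup check that rejects a `getRandomValues` implementation backed by `Math.random` (or one that does nothing) and throws instead of falling back. It runs under Node; `mathRandomPolyfill` is a constructed stand-in for the fallback described above, and all function names are hypothetical.

```javascript
// Added example; these names are hypothetical, not isomorphic-webcrypto APIs.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const nativeSource = (arr) => webcrypto.getRandomValues(arr);

// Constructed stand-in for a Math.random-based fallback.
function mathRandomPolyfill(arr) {
  for (let i = 0; i < arr.length; i++) arr[i] = Math.floor(Math.random() * 256);
  return arr;
}

// Returns a reason string if the source looks unsafe, or null if it passes.
function auditRandomSource(getRandomValues) {
  if (typeof getRandomValues !== 'function') return 'missing';
  const realRandom = Math.random;
  let mathRandomCalls = 0;
  // Instrument Math.random so any use of it during the fill is observable.
  Math.random = () => { mathRandomCalls++; return 0.5; };
  let a, b;
  try {
    a = getRandomValues(new Uint8Array(32));
    b = getRandomValues(new Uint8Array(32));
  } catch (err) {
    return 'threw: ' + err.message;
  } finally {
    Math.random = realRandom; // always restore the global
  }
  if (mathRandomCalls > 0) return 'uses Math.random';
  if (!(a instanceof Uint8Array) || !(b instanceof Uint8Array)) return 'bad return value';
  // Two 32-byte draws that match mean a constant or no-op source.
  if (a.every((v, i) => v === b[i])) return 'repeated output';
  return null;
}

// Fail closed: return the first candidate that passes, otherwise throw.
function selectRandomSource(candidates) {
  const failures = [];
  for (const { name, fn } of candidates) {
    const reason = auditRandomSource(fn);
    if (reason === null) return { name, fn };
    failures.push(`${name}: ${reason}`);
  }
  throw new Error('No secure random source; refusing to start (' + failures.join('; ') + ')');
}
```

Running `auditRandomSource` against whatever the installed library exposes as `crypto.getRandomValues` at app startup or in CI shows whether a build has silently ended up on the fallback path.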

timothyerwin commented 1 year ago

thanks. I have similar, but also upgraded the packages using ncu -u

https://github.com/kevlened/isomorphic-webcrypto/compare/master...icychat:isomorphic-webcrypto:master

earonesty commented 1 year ago

this apparently works better, might switch to it.