Closed sfdc-ca closed 3 years ago
This should have been filed in the sdp package?
The code has a comment about this not following the specification, however the specification only recommends and does not mandate cryptographically secure session ids. I haven't seen anyone actually using the session id in a way that requires basic randomness even.
edge shim is gone from the main distribution and lacks feedback on why this is an issue.
Please read first!
Please use discuss-webrtc for general technical discussions and questions.
Note: If the checkboxes above are not checked (which you do after the issue is posted), the issue will be closed.
Versions affected
Browser name including version (e.g. Chrome 64.0.3282.119)
adapter.js (e.g. 6.1.0)
Description
SDPUtils.generateSessionId () appears to use weak cypto
Steps to reproduce
Visit https://github.com/webrtcHacks/adapter/blob/8895ce9ab1fdbdcd3ac5215fde34433ac9c4ce9d/release/adapter.js#L5467
Expected results
not use math random use a cypto library
Actual results