Merge pull request #1705 from vector-im/dbkr/use_secure_random

Generate call passwords with secure RNG

src/matrix-utils.ts

@@ -28,7 +28,6 @@ import {
   GroupCallIntent,
   GroupCallType,
 } from "matrix-js-sdk/src/webrtc/groupCall";
-import { randomString } from "matrix-js-sdk/src/randomstring";
 
 import type { MatrixClient } from "matrix-js-sdk/src/client";
 import type { Room } from "matrix-js-sdk/src/models/room";
@@ -74,6 +73,14 @@ function waitForSync(client: MatrixClient) {
   });
 }
 
+function secureRandomString(entropyBytes: number): string {
+  const key = new Uint8Array(entropyBytes);
+  crypto.getRandomValues(key);
+  return btoa(
+    key.reduce((acc, current) => acc + String.fromCharCode(current), "")
+  ).replace(/=*$/, "");
+}
+
 /**
  * Initialises and returns a new standalone Matrix Client.
  * If true is passed for the 'restore' parameter, a check will be made
@@ -347,7 +354,7 @@ export async function createRoom(
 
   let password;
   if (e2ee) {
-    password = randomString(32);
+    password = secureRandomString(16);
     setLocalStorageItem(
       getRoomSharedKeyLocalStorageKey(result.room_id),
       password