go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-04-25 12:24:41 +02:00
Code Issues Releases Activity

docs/configuration: Fix entropy for bash secret

Browse Source 
Filtering `/dev/urandom` for alphanumeric characters resulted in loss of
input entropy to base64. Fixing this using a procedure with these steps:

  * Read 32 bytes from `/dev/urandom` (`dd`)
  * Base64-encode (`base64`)
  * Strip newlines (`tr -d`)
  * URL-Escape (`tr`)
  * Append a final newline (`echo`)

This output should be equivalent to output generated using Python and
OpenSSL variants mentioned in the changed document file.

Newlines are stripped as `base64` wraps its output and the option to
disable this (`-w 0`) is not available in all implementations.

Fixes: #1511
This commit is contained in:
Simon Hollenbach 2022-01-10 18:31:02 +01:00
parent cc94be0314
commit db71dd8c55
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/docs/configuration/overview.md
View File

@ -31,7 +31,7 @@ import TabItem from '@theme/TabItem';
<TabItem value="bash">
```shell
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 | base64
dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_'; echo
```
</TabItem>