Open
Description
Use Windows CryptGenRandom function instead of RandomRange on line #L567 for Windows Platforms.
If you are generating passwords faster than .5 seconds, the salt will duplicate every other round. Hopefully nobody is generating mass password hashes from the same password. Can't think of a use case. (I'm sure there is one).
This is only affected if you generate a hash for the same password.
for i:= 0 to 10 do
begin
TBCryptHash.CreateHash('password');
end;This will output something like :
'$2y$10$kJgRFQ993paFLArmPE3gn.8yuUB/SRpaEw7lkJJ1oVqhWVIecI5nO'
'$2y$10$kJgRFQ993paFLArmPE3gn.n9OJBeYd77RdOYnkdp9orILyaa5jDb6'
'$2y$10$onWrpSgN3URAnmBJZkpqieH1QwbkDe5.RXInCYJG9MCtXL0yH6rxe'