
The salt should not be static.

Open cryptochecktool opened this issue 1 year ago • 3 comments

The salt should not be set as a static variable, as this will lead to reduced security. See https://github.com/richardpenman/browsercookie/blob/9d5e80788504c8b950bda31e377585252d7abc31/browsercookie/init.py#L106 for the reference.

Nov 16 '24 09:11 cryptochecktool

That link 404's. Could you clarify what you mean?

Nov 17 '24 08:11 richardpenman

init.py#L106

    class ChromeBased(BrowserCookieLoader):
        def get_cookies(self):
            salt = b'saltysalt'
            length = 16
            keys = []

The salt should not be static; it needs to be random for anyone.

Nov 17 '24 09:11 cryptochecktool

This salt is for decrypting cookies and is the hardcoded value used by chrome: https://gist.github.com/creachadair/937179894a24571ce9860e2475a2d2ec

Nov 17 '24 23:11 richardpenman
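The point made in the last reply, as an added example that is not part of the thread or of browsercookie's code: a reader of data that another program encrypted has to repeat that program's key-derivation parameters exactly, so the salt is an interoperability constant here and the confidentiality rests on the password. Only `b'saltysalt'` and the length of 16 come from the quoted snippet; the use of PBKDF2-HMAC-SHA1, the iteration count, the password, the cookie value and the HMAC-based `seal`/`unseal` stand-in for the browser's cipher are assumptions made for this demonstration.

```python
import hashlib
import hmac
import os

SALT = b'saltysalt'   # from the snippet quoted in the thread
KEY_LEN = 16          # 'length = 16' in the same snippet
ITERATIONS = 1003     # assumed value for this demo, not stated on the page


def derive_key(password: bytes, salt: bytes = SALT) -> bytes:
    """Derive the symmetric key the way both writer and reader must."""
    return hashlib.pbkdf2_hmac('sha1', password, salt, ITERATIONS, dklen=KEY_LEN)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the browser's encryption: bind the data to the key with a tag."""
    return hmac.new(key, plaintext, hashlib.sha256).digest() + plaintext


def unseal(key: bytes, blob: bytes):
    """Return the payload if the key matches the writer's key, else None."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None


def demo():
    secret = b'constructed-keyring-secret'   # constructed sample password
    cookie = b'session=abc123'               # constructed sample cookie value

    # Writer side (the browser): fixed salt, secret password.
    blob = seal(derive_key(secret), cookie)

    # Reader with the same fixed salt and the right password recovers the data.
    same_salt = unseal(derive_key(secret), blob)
    # Reader that "fixes" the salt by randomising it can no longer derive the key.
    random_salt = unseal(derive_key(secret, salt=os.urandom(16)), blob)
    # Knowing the public salt without the password does not help.
    wrong_secret = unseal(derive_key(b'guess'), blob)
    return same_salt, random_salt, wrong_secret


if __name__ == '__main__':
    print(demo())
```

A per-record random salt only works when the writer stores it next to the ciphertext, which is a change on the encrypting side and not something a reader can introduce.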