GitHub has blocked SSH keys generated using the keypair library

GitHub has blocked SSH keys belonging to users of Git clients that rely on the keypair JavaScript library for key generation. For example, keys created by the GitKraken Git client were blocked. The vulnerability results in predictable RSA keys, because a bug sharply reduces the quality of the entropy used when producing the random sequence for the keys. The issue was fixed in keypair 1.0.4 and GitKraken 8.0.1.

The cause of the vulnerability is the call "b.putByte(String.fromCharCode(next & 0xFF))" in the keypair implementation, even though the fromCharCode method is called again inside the putByte method. Calling fromCharCode twice ("String.fromCharCode(String.fromCharCode(next & 0xFF))") caused most of the entropy buffer to be filled with zeros, i.e. the key was generated from "random" data that consisted 97% of zeros.
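An added example (not code from the keypair project or from the original article) that models the double conversion described above. `makeBuffer` and its `putByte` are a hypothetical stand-in that assumes only what the text says, namely that `putByte` itself applies `String.fromCharCode`; the input is constructed so that every byte value appears once.

```javascript
// Hypothetical byte buffer: putByte() converts its argument with
// String.fromCharCode, as the article says the real putByte does.
function makeBuffer() {
  let data = "";
  return {
    putByte(b) { data += String.fromCharCode(b); },
    bytes() { return Array.from(data, (ch) => ch.charCodeAt(0)); },
  };
}

// Buggy call from the article: the caller converts the byte to a one-character
// string, then putByte converts that string again. A non-numeric string
// coerces to NaN, which String.fromCharCode turns into code unit 0.
function fillBuggy(source) {
  const b = makeBuffer();
  for (const next of source) b.putByte(String.fromCharCode(next & 0xFF));
  return b.bytes();
}

// Corrected call: pass the numeric byte and let putByte convert it once.
function fillFixed(source) {
  const b = makeBuffer();
  for (const next of source) b.putByte(next & 0xFF);
  return b.bytes();
}

function zeroFraction(bytes) {
  return bytes.filter((x) => x === 0).length / bytes.length;
}

function distinctValues(bytes) {
  return [...new Set(bytes)].sort((a, b) => a - b);
}

// Defender-side sanity check (an assumption of this example): seed material
// with this few distinct byte values should never be used for key generation.
function looksDegenerate(bytes, minDistinct = 32) {
  return bytes.length >= 256 && distinctValues(bytes).length < minDistinct;
}

// Constructed input: each byte value 0..255 exactly once.
const allBytes = Array.from({ length: 256 }, (_, i) => i);

console.log("buggy zero fraction:", zeroFraction(fillBuggy(allBytes)));
console.log("buggy distinct values:", distinctValues(fillBuggy(allBytes)));
console.log("fixed zero fraction:", zeroFraction(fillFixed(allBytes)));
```

Only the characters "1" through "9" coerce to a non-zero number, so 247 of the 256 possible input bytes collapse to zero, which matches the roughly 97% figure in the text.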

source: budenet.ru
