Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(eth signer): use a unique anchor in ans-104 headers #311

Merged
merged 5 commits into from
Dec 11, 2024
Merged

fix(eth signer): use a unique anchor in ans-104 headers #311

merged 5 commits into from
Dec 11, 2024
+32 −2

Conversation

fedellen
Copy link
Contributor

this will produce non-deterministic IDs for all signer types that dont provide salt

PE-7158

@fedellen
fix(eth signer): use a unique anchor in ans-104 headers
8cd5587 
this will produce non-deterministic IDs for all signer types that dont provide salt

PE-7158
@fedellen fedellen requested a review from a team as a code owner December 10, 2024 19:13
@fedellen fedellen self-assigned this Dec 10, 2024
arielmelendez
arielmelendez reviewed Dec 10, 2024
View reviewed changes
src/common/contracts/ao-process.ts Outdated
65 + Math.floor(Math.random() * 26),
);
// anchor is a random string produce non-deterministic messages IDs
const anchor = Date.now().toString().padEnd(32, randomLetter);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would only let users send basic messages up to 26 times, right? Maybe just use fully random bytes or some combination of the current timestamp plus random bytes. Here's a way to produce random characters:

function getRandomText(length = 32) {
  const array = new Uint8Array(length);
  crypto.getRandomValues(array);
  return Array.from(array, byte => byte.toString(16).padStart(2, '0')).join('').slice(0, length);
}

crypto.getRandomValues generates cryptographically secure random values.
Array.from with .toString(16): Converts each byte to a hexadecimal string (base 16).
.padStart(2, '0'): Ensures each byte is represented as two characters (e.g., 0a instead of a).
.slice(0, length): Ensures the resulting string is exactly the specified length.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

was trying to avoid putting crypto import here as we don't access it much in the SDK. maybe something like this?

export function randomString(length: number): string {
  const chars =
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  let result = '';
  for (let i = 0; i < length; i++) {
    result += chars.charAt(Math.floor(Math.random() * chars.length));
  }
  return result;
}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That won't perform as well, I believe, and is less likely to distribute randomness uniformly. If we're already relying on crypto elsewhere and if it won't create additional integration stresses for SDK clients, I recommend we use it.

@fedellen fedellen merged commit 9ddd591 into alpha Dec 11, 2024
11 checks passed
@dtfiedler
Copy link
Collaborator

🎉 This PR is included in version 3.0.1-alpha.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arielmelendez arielmelendez arielmelendez approved these changes

@atticusofsparta atticusofsparta Awaiting requested review from atticusofsparta

Assignees

@fedellen fedellen

Labels
released on @alpha
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fedellen @dtfiedler @arielmelendez