darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 15:31:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

Don’t repeat digits in security codes

Browse Source 
People with dyslexia and dyscalculia find it difficult to transpose
codes which have consecutive, repeated digits[1].

This commits enhances the algorithm for generating codes to not repeat
the previous digit in a code.

This reduces the key space for our codes from 100,000 possibilities to
65,610 possibilities.

1. https://twitter.com/annaecook/status/1442567679710150662
This commit is contained in:
Chris Hill-Scott
2021-09-30 10:24:17 +01:00
parent 75901a02a6
commit 19ad11e383
2 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
app/dao/users_dao.py
View File

@@ -20,7 +20,15 @@ def _remove_values_for_keys_if_present(dict, keys):
def create_secret_code():
return ''.join(map(str, [SystemRandom().randrange(10) for i in range(5)]))
return ''.join(get_non_repeating_random_digits(5))
def get_non_repeating_random_digits(length):
output = [None] * length
for index in range(length):
while output[index] in {None, output[index - 1]}:
output[index] = str(SystemRandom().randrange(10))
return output
def save_user_attribute(usr, update_dict=None):