fix: Increase random E2EE password security (#5805)

app/lib/encryption/encryption.ts

@@ -209,8 +209,8 @@ class Encryption {
 	};
 
 	// Create a random password to local created keys
-	createRandomPassword = (server: string) => {
-		const password = randomPassword();
+	createRandomPassword = async (server: string) => {
+		const password = await randomPassword();
 		UserPreferences.setString(`${server}-${E2E_RANDOM_PASSWORD_KEY}`, password);
 		return password;
 	};

app/lib/encryption/utils.ts

@@ -1,7 +1,7 @@
 import ByteBuffer from 'bytebuffer';
 import SimpleCrypto from 'react-native-simple-crypto';
 
-import { compareServerVersion, random } from '../methods/helpers';
+import { compareServerVersion } from '../methods/helpers';
 import { fromByteArray, toByteArray } from './helpers/base64-js';
 import { TSubscriptionModel } from '../../definitions';
 import { store } from '../store/auxStore';
@@ -59,7 +59,10 @@ export const toString = (thing: string | ByteBuffer | Buffer | ArrayBuffer | Uin
 	// @ts-ignore
 	return new ByteBuffer.wrap(thing).toString('binary');
 };
-export const randomPassword = (): string => `${random(3)}-${random(3)}-${random(3)}`.toLowerCase();
+export const randomPassword = async (): Promise<string> => {
+	const random = await Promise.all(Array.from({ length: 4 }, () => SimpleCrypto.utils.getRandomValues(3)));
+	return `${random[0]}-${random[1]}-${random[2]}-${random[3]}`;
+};
 
 export const generateAESCTRKey = () => SimpleCrypto.utils.randomBytes(32);
 

ios/Podfile.lock

@@ -1053,7 +1053,7 @@ PODS:
     - React-Core
   - react-native-safe-area-context (3.2.0):
     - React-Core
-  - react-native-simple-crypto (0.6.0):
+  - react-native-simple-crypto (0.6.1):
     - OpenSSL-Universal (= 1.1.1100)
     - React
   - react-native-slider (4.5.0):
@@ -1730,7 +1730,7 @@ SPEC CHECKSUMS:
   react-native-orientation-locker: f0ca1a8e5031dab6b74bfb4ab33a17ed2c2fcb0d
   react-native-restart: 733a51ad137f15b0f8dc34c4082e55af7da00979
   react-native-safe-area-context: f0906bf8bc9835ac9a9d3f97e8bde2a997d8da79
-  react-native-simple-crypto: 83eb246059b5bfce7e6a96bf24569a0a98e92d74
+  react-native-simple-crypto: 663609d550ba052dd6ee5eef9954bac274736576
   react-native-slider: 09e5a8b7e766d3b5ae24ec15c5c4ec2679ca0f8c
   react-native-webview: 9f111dfbcfc826084d6c507f569e5e03342ee1c1
   React-nativeconfig: b4d4e9901d4cabb57be63053fd2aa6086eb3c85f

package.json

@@ -120,7 +120,7 @@
 		"react-native-safe-area-context": "3.2.0",
 		"react-native-screens": "3.29.0",
 		"react-native-scrollable-tab-view": "ptomasroos/react-native-scrollable-tab-view",
-		"react-native-simple-crypto": "RocketChat/react-native-simple-crypto#feat.file-encryption",
+		"react-native-simple-crypto": "RocketChat/react-native-simple-crypto#fix.6.1.0",
 		"react-native-skeleton-placeholder": "5.2.4",
 		"react-native-slowlog": "1.0.2",
 		"react-native-svg": "13.8.0",

yarn.lock

@@ -12182,9 +12182,9 @@ react-native-scrollable-tab-view@ptomasroos/react-native-scrollable-tab-view:
     prop-types "^15.6.0"
     react-timer-mixin "^0.13.3"
 
-react-native-simple-crypto@RocketChat/react-native-simple-crypto#feat.file-encryption:
-  version "0.6.0"
-  resolved "https://codeload.github.com/RocketChat/react-native-simple-crypto/tar.gz/476f0d2750abc1a9e74879ac3bacc7bec753c476"
+react-native-simple-crypto@RocketChat/react-native-simple-crypto#fix.6.1.0:
+  version "0.6.1"
+  resolved "https://codeload.github.com/RocketChat/react-native-simple-crypto/tar.gz/467905c61df8132e2257b6408a072521fc5a3d27"
   dependencies:
     base64-js "^1.3.0"
     hex-lite "^1.5.0"