fix: V-002 security vulnerability

Automated security fix generated by OrbisAI Security
This commit is contained in:
orbisai0security 2026-06-29 16:50:20 +00:00
parent 9700b5b10e
commit 645a6d6ddf

View file

@ -81,7 +81,7 @@ func NewSecureChannelSession(card *pcsc.Card, keyData []byte) (*SecureChannelSes
// Pair establishes a new pairing with the smartcard. // Pair establishes a new pairing with the smartcard.
func (s *SecureChannelSession) Pair(pairingPassword []byte) error { func (s *SecureChannelSession) Pair(pairingPassword []byte) error {
secretHash := pbkdf2.Key(norm.NFKD.Bytes(pairingPassword), norm.NFKD.Bytes([]byte(pairingSalt)), 50000, 32, sha256.New) secretHash := pbkdf2.Key(norm.NFKD.Bytes(pairingPassword), norm.NFKD.Bytes([]byte(pairingSalt)), 600000, 32, sha256.New)
challenge := make([]byte, 32) challenge := make([]byte, 32)
if _, err := rand.Read(challenge); err != nil { if _, err := rand.Read(challenge); err != nil {