From 00a22a2e24e5496c71a9d184ac01faf47ae4e5b8 Mon Sep 17 00:00:00 2001
From: nyk <93952610+0xNyk@users.noreply.github.com>
Date: Tue, 17 Mar 2026 12:54:55 +0700
Subject: [PATCH] fix: use CSPRNG for password generation in install.ps1 (#424)

Replace Get-Random (System.Random, clock-seeded) with RandomNumberGenerator in Get-RandomPassword to match the CSPRNG already used by Get-RandomHex.
---
 install.ps1 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/install.ps1 b/install.ps1
index 31f7527..4432470 100644
--- a/install.ps1
+++ b/install.ps1
@@ -68,7 +68,10 @@ function Test-Command { param([string]$Name) $null -ne (Get-Command $Name -Error
 function Get-RandomPassword {
 param([int]$Length = 24)
 $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
- -join (1..$Length | ForEach-Object { $chars[(Get-Random -Maximum $chars.Length)] })
+ $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
+ $bytes = New-Object byte[] $Length
+ $rng.GetBytes($bytes)
+ -join ($bytes | ForEach-Object { $chars[$_ % $chars.Length] })
 }
 
 function Get-RandomHex {
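Review bot: `$chars[$_ % $chars.Length]` on the last added line maps 256 byte values onto a 62-character alphabet, and 256 is not a multiple of 62, so the first eight characters of `$chars` ('A'-'H') are selected with probability 5/256 and the remaining ones with 4/256. The entropy loss per character is small, but a generated credential should be drawn uniformly: reject any byte at or above the largest multiple of the alphabet size (248 here) and draw again. The `$rng` object is IDisposable and is never disposed, so its use belongs in `try`/`finally`. `RandomNumberGenerator.GetInt32` would be shorter, but it is not available on .NET Framework, which matters if the installer has to run under Windows PowerShell 5.1.

```powershell
  # … unchanged: param block and $chars alphabet …
  $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
  try {
    # Largest multiple of the alphabet size that fits in a byte; bytes at or
    # above it are discarded so every character is equally likely.
    $limit = 256 - (256 % $chars.Length)
    $buf = New-Object byte[] 1
    $out = New-Object System.Text.StringBuilder
    while ($out.Length -lt $Length) {
      $rng.GetBytes($buf)
      if ($buf[0] -lt $limit) {
        [void]$out.Append($chars[$buf[0] % $chars.Length])
      }
    }
    $out.ToString()
  } finally {
    $rng.Dispose()
  }
```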