Replace manual hex encoding loop with `format!("{:x}", Sha256::digest(...))`,
which is more idiomatic and concise.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Hash paired bearer tokens with SHA-256 before storing in config and
in-memory. When authenticating, hash the incoming token and compare
against stored hashes. Backward compatible: existing plaintext tokens
(zc_ prefix) are detected and hashed on load; already-hashed tokens
(64-char hex) are stored as-is.
Closes#58
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Use rejection sampling to eliminate modulo bias in generate_code().
Values above the largest multiple of 1_000_000 in u32 are discarded
and re-drawn (~0.02% rejection rate).
- Make generate_code_is_not_deterministic test robust against the
1-in-10^6 collision chance by trying 10 pairs instead of one.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace DefaultHasher + SystemTime + process::id() with UUID v4
(backed by getrandom/urandom CSPRNG) for pairing code generation.
The previous implementation used predictable entropy sources
(system time to ~1s precision and process ID) with a non-cryptographic
hash (SipHash), making the 6-digit code brute-forceable.
The new implementation extracts 4 random bytes from a UUID v4
(which uses the OS CSPRNG) and derives the 6-digit code from those.
No new dependencies added — reuses existing uuid crate.
Adds a test verifying non-deterministic output.
Ref: CWE-330 (Use of Insufficiently Random Values)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
