From 1439b5bbfeeb247a5e8f10eac08663b88e055b2b Mon Sep 17 00:00:00 2001
From: Filip <filip26@gmail.com>
Date: Tue, 16 Jun 2026 17:10:48 +0200
Subject: [PATCH] Add nonce to improve entroy

---
 lib/http.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/http.js b/lib/http.js
index 998e099..60475a5 100644
--- a/lib/http.js
+++ b/lib/http.js
@@ -116,12 +116,18 @@ export async function addRoutes({app} = {}) {
         const {ecdsa, mldsa} = bedrock.config.hmbd.secrets;
         const verificationMethod = isMLDSA ? mldsa.id : ecdsa.id;
         const cryptosuite = CRYPTOSUITE_FACTORIES.get(cryptosuiteName)();
+
+        const nonce = Array.from(crypto.getRandomValues(new Uint8Array(32)))
+          .map(b => b.toString(32).padStart(2, '0'))
+          .join('');
+
         const proof = {
           type: 'DataIntegrityProof',
           cryptosuite: cryptosuite.name,
           proofPurpose: 'assertionMethod',
           verificationMethod,
-          created: new Date().toISOString().replace(/\.\d+Z$/, 'Z')
+          created: new Date().toISOString().replace(/\.\d+Z$/, 'Z'),
+          nonce
         };
 
         // canonicalize and SHA-256 hash the proof options (no proofValue);