From b8ae474b152e07e090a5a63e75a0e99e9a00e21e Mon Sep 17 00:00:00 2001
From: mh <mh@immerda.ch>
Date: Tue, 25 Dec 2012 20:34:48 +0100
Subject: Security: use SecureRandom for a much better random generator -
 Kernel.rand is just crap

---
 lib/trocla/util.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/trocla/util.rb b/lib/trocla/util.rb
index 3461bb2..2b1c6c6 100644
--- a/lib/trocla/util.rb
+++ b/lib/trocla/util.rb
@@ -1,12 +1,13 @@
+require 'securerandom'
 class Trocla
   class Util
     class << self
       def random_str(length=12)
-        (1..length).collect{|a| chars[rand(chars.size)] }.join.to_s
+        (1..length).collect{|a| chars[SecureRandom.random_number(chars.size)] }.join.to_s
       end
 
       def salt(length=8)
-        (1..length).collect{|a| normal_chars[rand(normal_chars.size)] }.join.to_s
+        (1..length).collect{|a| normal_chars[SecureRandom.random_number(normal_chars.size)] }.join.to_s
       end
 
       private
-- 
cgit v1.2.3