atmos / warden-github

:lock: warden strategy for github oauth
MIT License

switching from rand() to OpenSSL::Random #24

Closed btoews closed 11 years ago

btoews commented 11 years ago

@atmos everything looks really good. My only problem is that it is using rand() for the state generation. It would take a lot of other problems for this to be exploitable, but still we should be using OpenSSL for randomness.

fphilipe commented 11 years ago

If changing really is necessary, I'd advocate SecureRandom.hex, which uses OpenSSL under the hood.
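The point raised in this thread, shown as an added example that is not warden-github's own code: the OAuth `state` value is generated from the CSPRNG via `SecureRandom.hex` rather than `rand()`, stored in the session, and then verified on the callback as single-use with a constant-time comparison. The module name `OAuthState`, the session key `'oauth_state'` and the 24-byte length are assumptions for illustration.

```ruby
require 'securerandom'

# Hypothetical helper (not from warden-github) for the OAuth "state" parameter.
module OAuthState
  STATE_BYTES = 24 # 192 bits of entropy, hex-encoded to 48 characters

  # Draw the state from the CSPRNG. Kernel#rand is a Mersenne Twister PRNG
  # whose future output can be reconstructed from observed output, so it is
  # unsuitable for a value that must be unguessable to an attacker.
  def self.generate
    SecureRandom.hex(STATE_BYTES)
  end

  # Issue a fresh state and remember it in the (assumed Hash-like) session.
  def self.issue(session)
    session['oauth_state'] = generate
  end

  # Verify the state echoed back on the callback. The stored value is removed
  # whether or not the check passes, so each state can be consumed only once.
  def self.verify(session, returned_state)
    expected = session.delete('oauth_state')
    return false if expected.nil? || returned_state.nil?
    return false unless expected.bytesize == returned_state.bytesize
    constant_time_equal?(expected, returned_state)
  end

  # Compare every byte regardless of where the first mismatch occurs, so the
  # time taken does not reveal how long a matching prefix was.
  def self.constant_time_equal?(a, b)
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```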