From 13da0673b2779c8605858b0d12ad9d0815f3f278 Mon Sep 17 00:00:00 2001 From: Adam Frisby Date: Sat, 12 May 2007 11:58:23 +0000 Subject: PROTIP: System.Random isn't actually random. Use RNGCryptoServiceProvider in System.Security.Cryptography if your generating random numbers for security related purposes. --- OpenSim.Framework/UserProfile.cs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/OpenSim.Framework/UserProfile.cs b/OpenSim.Framework/UserProfile.cs index 5b7405a..eef6be1 100644 --- a/OpenSim.Framework/UserProfile.cs +++ b/OpenSim.Framework/UserProfile.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.Text; using libsecondlife; using OpenSim.Framework.Inventory; +using System.Security.Cryptography; namespace OpenSim.Framework.User { @@ -38,8 +39,15 @@ namespace OpenSim.Framework.User public void InitSessionData() { - CurrentSessionID = LLUUID.Random(); - CurrentSecureSessionID = LLUUID.Random(); + + System.Security.Cryptography.Rfc2898DeriveBytes b = new Rfc2898DeriveBytes(MD5passwd, 128); + + RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider(); + + CurrentSessionID = new LLUUID(); + CurrentSecureSessionID = new LLUUID(); + rand.GetBytes(CurrentSecureSessionID.Data); + rand.GetBytes(CurrentSessionID.Data); } public void AddSimCircuit(uint circuitCode, LLUUID regionUUID) -- cgit v1.1