From 97da8e2f2e72d4ed96cf6828aac77741ccebf7f2 Mon Sep 17 00:00:00 2001
From: hagen <hagen@mail.i2p>
Date: Wed, 27 Jul 2016 02:00:00 +0000
Subject: [PATCH] * HTTPServer.cpp : true random password

---
 HTTPServer.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/HTTPServer.cpp b/HTTPServer.cpp
index b4f90466..a811ad45 100644
--- a/HTTPServer.cpp
+++ b/HTTPServer.cpp
@@ -782,12 +782,14 @@ namespace http {
 		std::string pass; i2p::config::GetOption("http.pass", pass);
 		/* generate pass if needed */
 		if (needAuth && pass == "") {
+			uint8_t random[16];
 			char alnum[] = "0123456789"
 			  "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 			  "abcdefghijklmnopqrstuvwxyz";
-			pass.resize(16);
-			for (size_t i = 0; i < pass.size(); i++) {
-				pass[i] = alnum[rand() % (sizeof(alnum) - 1)];
+			pass.resize(sizeof(random));
+			RAND_bytes(random, sizeof(random));
+			for (size_t i = 0; i < sizeof(random); i++) {
+				pass[i] = alnum[random[i] % (sizeof(alnum) - 1)];
 			}
 			i2p::config::SetOption("http.pass", pass);
 			LogPrint(eLogInfo, "HTTPServer: password set to ", pass);