From 9f742b352d412bd75595f0f91c8dfc158b6c2051 Mon Sep 17 00:00:00 2001
From: psychon <psychon@726aef4b-f618-498e-8847-2d620e286838>
Date: Thu, 4 Mar 2010 14:03:27 +0000
Subject: [PATCH] Use a random string instead of an md5 hash for session IDs

This string has the same length as the md5 hash, but it does actually contain
more entropy. Also, why md5? :/


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1804 726aef4b-f618-498e-8847-2d620e286838
---
 WebModules.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/WebModules.cpp b/WebModules.cpp
index e20ed67c..afc39a63 100644
--- a/WebModules.cpp
+++ b/WebModules.cpp
@@ -26,7 +26,7 @@ bool CZNCTagHandler::HandleTag(CTemplate& Tmpl, const CString& sName, const CStr
 
 CWebSession::CWebSession(const CString& sId) : m_sId(sId) {
 	if (m_sId.empty()) {
-		m_sId = CBlowfish::MD5(CString::RandomString(4096), true);
+		m_sId = CString::RandomString(32);
 		DEBUG("Auto generated session: [" + m_sId + "]");
 	}