Change the mask generator to use QRandomGenerator instead of qs?rand

This makes it secure, instead of insecure, and requires no seeding. Task-number: QTBUG-61694 Change-Id: Ia53158e207a94bf49489fffd14c782bd4ec24946 Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
author: Thiago Macieira <thiago.macieira@intel.com> 2017-06-12 16:12:30 -0700
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2017-06-30 07:34:19 +0000
commit: 191dd6e89fdca2108cfaf405e968a980ec6728ee (patch)
tree: 79125085ae7ab7bf1aa0fe5876b3d51a9af1b5ff /src/websockets/qmaskgenerator.cpp
parent: 26e56e18eb234df4a782737cd3c8d8d11daead2c (diff)
download: qtwebsockets-191dd6e89fdca2108cfaf405e968a980ec6728ee.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/websockets/qmaskgenerator.cpp b/src/websockets/qmaskgenerator.cpp
index 064ada2..56d1223 100644
--- a/src/websockets/qmaskgenerator.cpp
+++ b/src/websockets/qmaskgenerator.cpp
@@ -50,7 +50,7 @@
     malicious scripts from attacking badly behaving proxies.
     For more information about the importance of good masking,
     see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
-    By default QWebSocket uses the cryptographically insecure qrand() function.
+    By default QWebSocket uses the reasonably secure QRandomGenerator::get32() function.
     The best measure against attacks mentioned in the document above,
     is to use QWebSocket over a secure connection (\e wss://).
     In general, always be careful to not have 3rd party script access to
author	Thiago Macieira <thiago.macieira@intel.com>	2017-06-12 16:12:30 -0700
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2017-06-30 07:34:19 +0000
commit	191dd6e89fdca2108cfaf405e968a980ec6728ee (patch)
tree	79125085ae7ab7bf1aa0fe5876b3d51a9af1b5ff /src/websockets/qmaskgenerator.cpp
parent	26e56e18eb234df4a782737cd3c8d8d11daead2c (diff)
download	qtwebsockets-191dd6e89fdca2108cfaf405e968a980ec6728ee.tar.gz