Change the mask generator to use QRandomGenerator instead of qs?rand

This makes it secure, instead of insecure, and requires no seeding. Task-number: QTBUG-61694 Change-Id: Ia53158e207a94bf49489fffd14c782bd4ec24946 Reviewed-by: Jesus Fernandez <Jesus.Fernandez@qt.io> Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
author: Thiago Macieira <thiago.macieira@intel.com> 2017-06-12 16:12:30 -0700
committer: Timur Pocheptsov <timur.pocheptsov@qt.io> 2017-06-30 07:34:19 +0000
commit: 191dd6e89fdca2108cfaf405e968a980ec6728ee (patch)
tree: 79125085ae7ab7bf1aa0fe5876b3d51a9af1b5ff /src/websockets/qwebsocket.cpp
parent: 26e56e18eb234df4a782737cd3c8d8d11daead2c (diff)
download: qtwebsockets-191dd6e89fdca2108cfaf405e968a980ec6728ee.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/src/websockets/qwebsocket.cpp b/src/websockets/qwebsocket.cpp
index ba343e4..30bb39d 100644
--- a/src/websockets/qwebsocket.cpp
+++ b/src/websockets/qwebsocket.cpp
@@ -63,8 +63,8 @@
     In that case, non-secure WebSocket connections fail. The best way to mitigate against
     this problem is to use WebSocket over a secure connection.
 
-    \warning To generate masks, this implementation of WebSockets uses the cryptographically
-    insecure qrand() function.
+    \warning To generate masks, this implementation of WebSockets uses the reasonably
+    secure QRandomGenerator::get32() function.
     For more information about the importance of good masking,
     see \l {"Talking to Yourself for Fun and Profit" by Lin-Shung Huang et al}.
     The best measure against attacks mentioned in the document above,
author	Thiago Macieira <thiago.macieira@intel.com>	2017-06-12 16:12:30 -0700
committer	Timur Pocheptsov <timur.pocheptsov@qt.io>	2017-06-30 07:34:19 +0000
commit	191dd6e89fdca2108cfaf405e968a980ec6728ee (patch)
tree	79125085ae7ab7bf1aa0fe5876b3d51a9af1b5ff /src/websockets/qwebsocket.cpp
parent	26e56e18eb234df4a782737cd3c8d8d11daead2c (diff)
download	qtwebsockets-191dd6e89fdca2108cfaf405e968a980ec6728ee.tar.gz