Use SecureRandam to generate salt

Tatsuya Sato · Tatsuya Sato · commit b412ca05f6b4 · 2015-01-07T08:43:48.000+09:00
diff --git a/lib/net/ldap/password.rb b/lib/net/ldap/password.rb
@@ -27,7 +27,7 @@ def generate(type, str)
       when :sha
          attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! 
       when :ssha
-         srand; salt = (rand * 1000).to_i.to_s 
+         srand; salt = SecureRandom.random_bytes(16)
          attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
       else
          raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
