From c5bb6ef2ae0e7554306776fbf4746ba086051cd1 Mon Sep 17 00:00:00 2001
From: Laurent Peuch <cortex@worlddomination.be>
Date: Mon, 15 May 2017 03:29:34 +0200
Subject: [PATCH] [fix] uses a cryptographically secure source of randomness

---
 init.lua | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/init.lua b/init.lua
index 1794649..b0ea838 100644
--- a/init.lua
+++ b/init.lua
@@ -27,12 +27,17 @@ local config = require "config"
 flashs = {}
 i18n = {}
 
+-- convert a string to a hex
+function tohex(str)
+    return (str:gsub('.', function (c)
+        return string.format('%02X', string.byte(c))
+    end))
+end
+
 -- Efficient function to get a random string
 function random_string()
-    math.randomseed( tonumber(tostring(socket.gettime()*10000):reverse()) )
-    str = tostring(math.random()):sub(3)
-    socket.sleep(1e-400)
-    return str
+    local random_bytes = io.open("/dev/urandom"):read(64);
+    return tohex(random_bytes);
 end
 
 -- Load translations in the "i18n" above table