change rng to OsRng, version bump

4 years ago · 89bebc6b03
parent 4046e7f185
commit 89bebc6b03
3 changed files with 11 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,7 @@
+# [unreleased]
+
+- ...
+
+# [0.2.1]
+
+- change from `thread_rng` to `OsRng` for better session ID entropy
--- a/Cargo.toml
+++ b/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "rocket_session"
-version = "0.2.0"
+version = "0.2.1"
 authors = ["Ondřej Hruška <ondra@ondrovo.com>"]
 edition = "2018"
 license = "MIT"
@ -16,6 +16,6 @@ categories = [
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

 [dependencies]
-rand = "0.7.2"
+rand = "0.7.3"
 rocket = "0.4.2"
 parking_lot = "0.10.0"
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,5 +1,5 @@
 use parking_lot::{Mutex, RwLock, RwLockUpgradableReadGuard};
-use rand::Rng;
+use rand::{Rng, rngs::OsRng};

 use rocket::{
    fairing::{self, Fairing, Info},
@ -176,7 +176,7 @@ where

                    // Find a new unique ID - we are still safely inside the write guard
                    let new_id = SessionID(loop {
-                        let token: String = rand::thread_rng()
+                        let token: String = OsRng
                            .sample_iter(&rand::distributions::Alphanumeric)
                            .take(store.config.cookie_len)
                            .collect();