From 13da0673b2779c8605858b0d12ad9d0815f3f278 Mon Sep 17 00:00:00 2001
From: Adam Frisby
Date: Sat, 12 May 2007 11:58:23 +0000
Subject: [PATCH] PROTIP: System.Random isn't actually random. Use RNGCryptoServiceProvider in System.Security.Cryptography if your generating random numbers for security related purposes.
---
 OpenSim.Framework/UserProfile.cs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/OpenSim.Framework/UserProfile.cs b/OpenSim.Framework/UserProfile.cs
index 5b7405a6de..eef6be132d 100644
--- a/OpenSim.Framework/UserProfile.cs
+++ b/OpenSim.Framework/UserProfile.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Text;
 using libsecondlife;
 using OpenSim.Framework.Inventory;
+using System.Security.Cryptography;

 namespace OpenSim.Framework.User
 {
@@ -38,8 +39,15 @@ namespace OpenSim.Framework.User

 public void InitSessionData()
 {
- CurrentSessionID = LLUUID.Random();
- CurrentSecureSessionID = LLUUID.Random();
+
+ System.Security.Cryptography.Rfc2898DeriveBytes b = new Rfc2898DeriveBytes(MD5passwd, 128);
+
+ RNGCryptoServiceProvider rand = new RNGCryptoServiceProvider();
+
+ CurrentSessionID = new LLUUID();
+ CurrentSecureSessionID = new LLUUID();
+ rand.GetBytes(CurrentSecureSessionID.Data);
+ rand.GetBytes(CurrentSessionID.Data);
 }

 public void AddSimCircuit(uint circuitCode, LLUUID regionUUID)
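Review bot: The added line `Rfc2898DeriveBytes b = new Rfc2898DeriveBytes(MD5passwd, 128);` in `InitSessionData` is dead code: neither session ID depends on `b`, so it only passes the stored password hash to a key-derivation object and generates a 128-byte salt that is discarded. It also adds a failure path, since that constructor rejects a null password, so a profile whose `MD5passwd` is unset would presumably throw before either ID is assigned. I would delete the line and keep only the `RNGCryptoServiceProvider` fill. The two `GetBytes` calls depend on `new LLUUID()` leaving `Data` as a writable 16-byte array, which is not visible in this hunk and is worth confirming; a comment such as `// IDs must be unpredictable: fill from the CSPRNG, not LLUUID.Random()` would record why the old calls were replaced.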