From 79f354b1115a5b0b9f7c36aaf2a9d7d5f7c7d056 Mon Sep 17 00:00:00 2001
From: Michael Primm <mike@primmhome.com>
Date: Wed, 27 Sep 2023 12:25:14 -0500
Subject: [PATCH] Switch to SecureRandom for web auth token (avoid hugely
 unlikely compromise during login register process...).

---
 DynmapCore/src/main/java/org/dynmap/WebAuthManager.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/DynmapCore/src/main/java/org/dynmap/WebAuthManager.java b/DynmapCore/src/main/java/org/dynmap/WebAuthManager.java
index a04d0948..6983b925 100644
--- a/DynmapCore/src/main/java/org/dynmap/WebAuthManager.java
+++ b/DynmapCore/src/main/java/org/dynmap/WebAuthManager.java
@@ -7,11 +7,11 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Properties;
-import java.util.Random;
 import java.util.Set;
 
 import org.dynmap.common.DynmapCommandSender;
@@ -26,7 +26,7 @@ public class WebAuthManager {
     public static final String WEBAUTHFILE = "webauth.txt";
     private static final String HASHSALT = "$HASH_SALT$";
     private static final String PWDHASH_PREFIX = "hash.";
-    private Random rnd = new Random();
+    private SecureRandom rnd = new SecureRandom();
     private DynmapCore core;
     private String publicRegistrationURL;