| author | Jérémy Zurcher <jeremy@asynk.ch> | 2026-02-13 15:05:36 +0100 |
|---|---|---|
| committer | Jérémy Zurcher <jeremy@asynk.ch> | 2026-02-13 15:05:36 +0100 |
| commit | 335882b4c6fa45eca14fb27a1fbdb047486da8d1 (patch) | |
| tree | c9ed212b45d8d319dc9dc7416c32eab76cf3c54b /lib | |
| parent | 07f195b4d76fb7d333c470e0875ee142858224c2 (diff) | |
Session : use securerandom
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/zorglub/session.rb | 36 |
1 files changed, 4 insertions, 32 deletions
diff --git a/lib/zorglub/session.rb b/lib/zorglub/session.rb index 05b91d6..82a3763 100644 --- a/lib/zorglub/session.rb +++ b/lib/zorglub/session.rb @@ -110,39 +110,11 @@ module Zorglub end def generate_sid! - begin sid = sid_algorithm end while @sessions.key? sid - sid - end - - begin - require 'securerandom' - # Using SecureRandom, optional length. - # SecureRandom is available since Ruby 1.8.7. - # For Ruby versions earlier than that, you can require the uuidtools gem, - # which has a drop-in replacement for SecureRandom. - def sid_algorithm - SecureRandom.hex(@options[:sid_len]) - end - rescue LoadError - require 'openssl' - # Using OpenSSL::Random for generation, this is comparable in performance - # with stdlib SecureRandom and also allows for optional length, it should - # have the same behaviour as the SecureRandom::hex method of the - # uuidtools gem. - def sid_algorithm - OpenSSL::Random.random_bytes(@options[:sid_len] / 2).unpack1('H*')[0] - end - rescue LoadError - # Digest::SHA2::hexdigest produces a string of length 64, although - # collisions are not very likely, the entropy is still very low and - # length is not optional. - # - # Replacing it with OS-provided random data would take a lot of code and - # won't be as cross-platform as Ruby. - def sid_algorithm - entropy = [srand, rand, Time.now.to_f, rand, $$, rand, object_id] - Digest::SHA2.hexdigest(entropy.join) + loop do + sid = SecureRandom.hex(@options[:sid_len]) + break unless @sessions.key?(sid) end + sid end end end |
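Review bot: In the new `generate_sid!`, `sid` is first assigned inside the `loop do` block, so it is local to that block and the bare `sid` after the loop's `end` will raise NameError instead of returning the id. Either initialise it with `sid = nil` before `loop do`, or return from inside the loop with `return sid unless @sessions.key?(sid)`. The same hunk drops `require 'securerandom'` together with the fallbacks, and the 4 insertions in the diffstat are all accounted for here (`loop do`, the `sid =` line, `break unless`, and the trailing `sid`), so nothing under lib/ re-adds it in this commit; confirm it is already required somewhere before `SecureRandom.hex` is reached. A test that calls `generate_sid!` once would catch both.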
