Replaced random() with arc4random().

3 files changed, 8 insertions, 9 deletions

diff --git a/mastoapi.c b/mastoapi.c
index af8fb27..c562203 100644
--- a/mastoapi.c
+++ b/mastoapi.c
@@ -21,10 +21,10 @@ static xs_str *random_str(void)
         fclose(f);
     }
     else {
-        data[0] = random() % 0xffffffff;
-        data[1] = random() % 0xffffffff;
-        data[2] = random() % 0xffffffff;
-        data[3] = random() % 0xffffffff;
+        data[0] = arc4random();
+        data[1] = arc4random();
+        data[2] = arc4random();
+        data[3] = arc4random();
     }
 
     return xs_hex_enc((char *)data, sizeof(data));
diff --git a/snac.c b/snac.c
index a5b2080..f818dd8 100644
--- a/snac.c
+++ b/snac.c
@@ -123,7 +123,7 @@ d_char *hash_password(const char *uid, const char *passwd, const char *nonce)
     xs *hash;
 
     if (nonce == NULL) {
-        d_nonce = xs_fmt("%08x", random());
+        d_nonce = xs_fmt("%08x", arc4random());
         nonce = d_nonce;
     }
 
diff --git a/utils.c b/utils.c
index 24a6be6..24a2c66 100644
--- a/utils.c
+++ b/utils.c
@@ -198,10 +198,9 @@ void new_password(const char *uid, d_char **clear_pwd, d_char **hashed_pwd)
 {
     int rndbuf[3];
 
-    srandom(time(NULL) ^ getpid());
-    rndbuf[0] = random() & 0xffffffff;
-    rndbuf[1] = random() & 0xffffffff;
-    rndbuf[2] = random() & 0xffffffff;
+    rndbuf[0] = arc4random();
+    rndbuf[1] = arc4random();
+    rndbuf[2] = arc4random();
 
     *clear_pwd  = xs_base64_enc((char *)rndbuf, sizeof(rndbuf));
     *hashed_pwd = hash_password(uid, *clear_pwd, NULL);