From 5ecc427dce65fbcbbc2be96cdce31b056200be7b Mon Sep 17 00:00:00 2001 From: "Zaiming (Stone) Shi" Date: Mon, 25 Apr 2022 11:38:28 +0200 Subject: [PATCH] fix(emqx_mgmt_auth): better randomisation of app secrets change from timestamp seeded hash (uuid) to crypto:strong_rand_bytes --- apps/emqx_management/src/emqx_mgmt_auth.erl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/emqx_management/src/emqx_mgmt_auth.erl b/apps/emqx_management/src/emqx_mgmt_auth.erl index fe1919632..cb9c4e7ab 100644 --- a/apps/emqx_management/src/emqx_mgmt_auth.erl +++ b/apps/emqx_management/src/emqx_mgmt_auth.erl @@ -182,4 +182,5 @@ trans(Fun) -> end. generate_api_secret() -> - emqx_guid:to_base62(emqx_guid:gen()). + Random = crypto:strong_rand_bytes(32), + emqx_base62:encode(Random).