From 864df6cdac83ff2095fb2a126be73984fd33b1e2 Mon Sep 17 00:00:00 2001
From: Naoki Takezoe <takezoe@gmail.com>
Date: Tue, 1 May 2018 08:27:54 +0900
Subject: [PATCH] Use random UUID as blowfish key

---
 src/main/scala/gitbucket/core/util/StringUtil.scala | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/scala/gitbucket/core/util/StringUtil.scala b/src/main/scala/gitbucket/core/util/StringUtil.scala
index f61c89880..fa6672948 100644
--- a/src/main/scala/gitbucket/core/util/StringUtil.scala
+++ b/src/main/scala/gitbucket/core/util/StringUtil.scala
@@ -1,7 +1,7 @@
 package gitbucket.core.util
 
 import java.net.{URLDecoder, URLEncoder}
-import java.util.Base64
+import java.util.{Base64, UUID}
 
 import org.mozilla.universalchardet.UniversalDetector
 import SyntaxSugars._
@@ -13,9 +13,7 @@ import scala.util.control.Exception._
 object StringUtil {
 
   private lazy val BlowfishKey = {
-    // last 4 numbers in current timestamp
-    val time = System.currentTimeMillis.toString
-    time.substring(time.length - 4)
+    UUID.randomUUID().toString
   }
 
   def sha1(value: String): String =