From 153992a458a1de35251a989b2f079307574c21d6 Mon Sep 17 00:00:00 2001
From: "nicolas.dorier" <nicolas.dorier@gmail.com>
Date: Tue, 10 Mar 2020 21:30:46 +0900
Subject: [PATCH] Use good rng for generating API keys

---
 BTCPayServer/Controllers/ManageController.APIKeys.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/BTCPayServer/Controllers/ManageController.APIKeys.cs b/BTCPayServer/Controllers/ManageController.APIKeys.cs
index 9db9e31f7..b5abfbb0e 100644
--- a/BTCPayServer/Controllers/ManageController.APIKeys.cs
+++ b/BTCPayServer/Controllers/ManageController.APIKeys.cs
@@ -10,6 +10,8 @@ using BTCPayServer.Security;
 using BTCPayServer.Security.APIKeys;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using NBitcoin;
+using NBitcoin.DataEncoders;
 using NSwag.Annotations;
 
 namespace BTCPayServer.Controllers
@@ -247,7 +249,7 @@ namespace BTCPayServer.Controllers
         {
             var key = new APIKeyData()
             {
-                Id = Guid.NewGuid().ToString().Replace("-", string.Empty, StringComparison.OrdinalIgnoreCase),
+                Id = Encoders.Hex.EncodeData(RandomUtils.GetBytes(20)),
                 Type = APIKeyType.Permanent,
                 UserId = _userManager.GetUserId(User),
                 Label = viewModel.Label