getRandomMask uses Math.random

[coolaj86]

https://github.com/websockets/ws/blob/master/lib/Sender.js#L309

function getRandomMask() {
  return new Buffer([
    ~~(Math.random() * 255),
    ~~(Math.random() * 255),
    ~~(Math.random() * 255),
    ~~(Math.random() * 255)
  ]);
}

should be replaced with

function getRandomMask() {
  return require('crypto').randomBytes(4);
}

If the desire is to be more performant this can be accomplished by pooling random data like this:

var rlen = 256;
var rbytes = crypto.randomBytes(rlen);
var rcounter = 4;

function getRandomMask() {
  var result;

  if (rcounter >= rbytes.length) {
    rbytes = crypto.randomBytes(rlen);
    rcounter = 4;
  }

  result = rbytes.slice(rcounter - 4, rcountner);
  rcounter += 4;

  return result;
}

[JoshuaWise]

Pull requests are welcome!

[coolaj86]

Do you want the simple version or the performant version?

(I'd recommend doing simple and only switching if the benchmarks later show that the performant version is indeed necessary)

[coolaj86]

#832

[JoshuaWise]

I agree with using the simple version. I'll check out the PR soon.

[lpinca]

Closing as this has been addressed in 7253f06.