From 483b6238a3599595a678f995b2c7c9e9f07a7ce7 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Tue, 30 Jul 2013 18:46:02 +0200 Subject: Add truly random numbers and use them in places where randomness matters --- _test/tests/inc/auth_random.test.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 _test/tests/inc/auth_random.test.php (limited to '_test') diff --git a/_test/tests/inc/auth_random.test.php b/_test/tests/inc/auth_random.test.php new file mode 100644 index 000000000..f380eba53 --- /dev/null +++ b/_test/tests/inc/auth_random.test.php @@ -0,0 +1,20 @@ +assertTrue($rand <= 2000, 'The generated number was above the limit'); + $this->assertTrue($rand >= 300, 'The generate number was too low'); + } + + function testLargeRandoms() { + $min = (1 << 30); + $max = $min + (1 << 33) + 17; + $rand = auth_random($min, $max); + $this->assertTrue($rand >= $min, 'The generated number was too low'); + $this->assertTrue($rand <= $max, 'The generated number was too high'); + } +} -- cgit v1.2.3 From 04369c3eae728e14962c41d1ab259f9e7ed99144 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Tue, 30 Jul 2013 18:50:28 +0200 Subject: Add AES from phpseclib and use it for cookie encryption This replaces the deprecated and broken Blowfish implementation that has previously been used and should provide a lot more security. --- _test/tests/inc/auth_encryption.test.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 _test/tests/inc/auth_encryption.test.php (limited to '_test') diff --git a/_test/tests/inc/auth_encryption.test.php b/_test/tests/inc/auth_encryption.test.php new file mode 100644 index 000000000..041eba00e --- /dev/null +++ b/_test/tests/inc/auth_encryption.test.php @@ -0,0 +1,12 @@ +assertEquals($data, auth_decrypt(auth_encrypt($data, $secret), $secret)); + } +} -- cgit v1.2.3