From 62bbd5ef5f25e1d89d67a00cc3b51a954013d7cb Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 23 Jan 2011 11:15:33 +0100
Subject: use a bigger range of characters for password salts

---
 inc/PassHash.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'inc/PassHash.class.php')

diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index c4a6d78d0..cb46c5928 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -77,11 +77,13 @@ class PassHash {
 /**
 * Create a random salt
 *
- * @todo use full range of characters instead of hex values only
 * @param int $len - The length of the salt
 */
 public function gen_salt($len=32){
- return substr(md5(uniqid(rand(), true)),0,$len);
+ $salt = '';
+ $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
+ for($i=0;$i<$len,$i++;) $salt .= $chars[mt_rand(0,61)];
+ return $salt;
 }

 /**
-- 
cgit v1.2.3
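Review bot: The new loop header `for($i=0;$i<$len,$i++;)` has its separators swapped, so `$i<$len,$i++` lands in the condition slot and the increment slot is empty. PHP tests only the last comma-separated expression, and `$i++` evaluates to 0 on the first pass, so the body never runs and gen_salt() returns an empty string for any `$len`. Callers that feed this salt into a hash would then produce unsalted password hashes, which is weaker than the md5/uniqid version being removed. The line should read `for($i=0; $i<$len; $i++) $salt .= $chars[mt_rand(0, strlen($chars)-1)];`, which also removes the hard-coded 61 that must be kept in step with `$chars`. A regression check that `strlen(gen_salt($n)) === $n` for a few lengths would have caught this. The docblock could note that mt_rand() is not a cryptographic source and the salt is only expected to be unique.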