From 483b6238a3599595a678f995b2c7c9e9f07a7ce7 Mon Sep 17 00:00:00 2001
From: Michael Hamann
Date: Tue, 30 Jul 2013 18:46:02 +0200
Subject: Add truly random numbers and use them in places where randomness matters
---
 inc/PassHash.class.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'inc/PassHash.class.php')
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 61bd74939..607661a22 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -98,7 +98,7 @@ class PassHash {
 $salt = '';
 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 for($i = 0; $i < $len; $i++) {
- $salt .= $chars[mt_rand(0, 61)];
+ $salt .= $chars[auth_random(0, 61)];
 }
 return $salt;
 }
--
cgit v1.2.3
From 08d5d52a34fa7f972f3a7da214f796ad72a9d944 Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sun, 4 Aug 2013 09:44:57 +0200
Subject: FS#2829 check if auth_random is available in PassHash
---
 inc/PassHash.class.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
(limited to 'inc/PassHash.class.php')
diff --git a/inc/PassHash.class.php b/inc/PassHash.class.php
index 607661a22..db6a3a77c 100644
--- a/inc/PassHash.class.php
+++ b/inc/PassHash.class.php
@@ -98,7 +98,7 @@ class PassHash {
 $salt = '';
 $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
 for($i = 0; $i < $len; $i++) {
- $salt .= $chars[auth_random(0, 61)];
+ $salt .= $chars[$this->random(0, 61)];
 }
 return $salt;
 }
@@ -541,4 +541,20 @@ class PassHash {
 return ($raw_output) ? pack($pack, $output) : $output;
 }
+
+ /**
+ * Use DokuWiki's secure random generator if available
+ *
+ * @param $min
+ * @param $max
+ *
+ * @return int
+ */
+ protected function random($min, $max){
+ if(function_exists('auth_random')){
+ return auth_random($min, $max);
+ }else{
+ return mt_rand($min, $max);
+ }
+ }
 }
--
cgit v1.2.3
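Review bot: The `else` branch of the new `random()` method (second hunk of the FS#2829 commit) falls back to `mt_rand()` with no signal, so any use of PassHash where `auth_random` is not defined quietly draws its salt characters from a non-cryptographic generator whose output is predictable from its seed state. An intermediate branch such as `}elseif(function_exists('random_int')){ return random_int($min, $max);` would keep a CSPRNG in use on runtimes that provide one, and the `function_exists` guard keeps it compatible with older PHP. The docblock should state that the final fallback is not cryptographically secure and give the parameter types, e.g. `@param int $min lower bound (inclusive)` and `@param int $max upper bound (inclusive)`. What `auth_random()` itself guarantees is not visible in this patch, so the word "secure" in the summary line should be confirmed against its implementation.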