Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68 (mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm) (cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) Conflicts: lib/serversalt.php lib/vizhash16x16.php
parent
4f72f04eda
commit
e7feca0e53
|
@ -39,9 +39,16 @@ class serversalt extends persistence
|
||||||
public static function generate()
|
public static function generate()
|
||||||
{
|
{
|
||||||
$randomSalt = '';
|
$randomSalt = '';
|
||||||
for($i=0; $i<16; ++$i) {
|
if (function_exists('mcrypt_create_iv'))
|
||||||
|
{
|
||||||
|
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
|
||||||
|
}
|
||||||
|
else // fallback to mt_rand()
|
||||||
|
{
|
||||||
|
for($i = 0; $i < 16; ++$i) {
|
||||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
self::$_salt = $randomSalt;
|
self::$_salt = $randomSalt;
|
||||||
return self::$_salt;
|
return self::$_salt;
|
||||||
}
|
}
|
||||||
|
|
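Review bot: The `else` branch still builds the salt from `mt_rand()`, so on hosts without the mcrypt extension `generate()` silently produces the same kind of weak value this commit sets out to replace; `mt_rand()` is not a cryptographic generator and its whole output stream follows from a 32-bit seed. Before falling back that far, try another OS-backed source, e.g. `elseif (function_exists('openssl_random_pseudo_bytes')) { $randomSalt = bin2hex(openssl_random_pseudo_bytes(256)); }`, and consider logging a warning or refusing to generate a salt when only `mt_rand()` is left. Separately, `mcrypt_create_iv()` returns `false` on error, in which case `bin2hex()` yields an empty string that is then assigned to `self::$_salt`; checking the result before the assignment would catch that. The rest of the class lies outside the hunk, so how the salt is persisted and consumed is not visible here.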