PHPCRED-37: Replace mt_rand() usage with something more secure

Issue Information

Issue Type: New Feature
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Done (2015-08-27 01:07:47)

Created: 2014-08-07 21:52:56
Time Spent Working


Description
Replace usage of mt_rand() in key generation with something more cryptographically secure. mt_rand uses Mersenne Twister which is not considered cryptographically secure, which may lead to predictable keys - http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt.html


Toggle State Changes

Activity


2014-08-09 22:38:56
Partially implemented, would like to implement the option to use /dev/random but need to ensure it's possible to do without risking blocking.

2015-08-27 01:07:47
Closing, this was implemented way back in https://github.com/bentasker/PHPCredLocker/commit/1006ca409e99bac50f274791ccfc099dddfe6a6c

2015-08-27 01:07:47
btasker changed status from 'Open' to 'Resolved'

2015-08-27 01:07:47
btasker added 'Ben Tasker' to assignee

2015-08-27 01:07:47
btasker added 'Done' to resolution

2015-08-27 01:07:51
btasker changed status from 'Resolved' to 'Closed'