PHPCRED-37: Replace mt_rand() usage with something more secure

Issue Information

Issue Type: New Feature
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: PHPCredlocker (PHPCRED)
Resolution: Done (2015-08-27 01:07:47)

Created: 2014-08-07 21:52:56
Time Spent Working

Replace usage of mt_rand() in key generation with something more cryptographically secure. mt_rand uses Mersenne Twister which is not considered cryptographically secure, which may lead to predictable keys -

Toggle State Changes


Partially implemented, would like to implement the option to use /dev/random but need to ensure it's possible to do without risking blocking.
btasker changed status from 'Open' to 'Resolved'
btasker added 'Ben Tasker' to assignee
btasker added 'Done' to resolution
btasker changed status from 'Resolved' to 'Closed'