mirror of
https://github.com/PrivateBin/PrivateBin.git
synced 2024-12-24 06:49:29 -05:00
Stronger server salt
ZeroBin now generates a much stronger salt. This fixes issue #68 (mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm) (cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) Conflicts: lib/serversalt.php lib/vizhash16x16.php
parent
4f72f04eda
commit
e7feca0e53
@ -39,8 +39,15 @@ class serversalt extends persistence
|
||||
public static function generate()
|
||||
{
|
||||
$randomSalt = '';
|
||||
for($i=0; $i<16; ++$i) {
|
||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
||||
if (function_exists('mcrypt_create_iv'))
|
||||
{
|
||||
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
|
||||
}
|
||||
else // fallback to mt_rand()
|
||||
{
|
||||
for($i = 0; $i < 16; ++$i) {
|
||||
$randomSalt .= base_convert(mt_rand(), 10, 16);
|
||||
}
|
||||
}
|
||||
self::$_salt = $randomSalt;
|
||||
return self::$_salt;
|
||||
|
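Review bot: The `else // fallback to mt_rand()` branch still builds the server salt from `mt_rand()`, which is not a cryptographically secure generator, so any host without the mcrypt extension silently gets the same weak salt this commit sets out to fix. mcrypt was deprecated in PHP 7.1 and removed from core in 7.2, so on current PHP the `function_exists('mcrypt_create_iv')` test fails and the weak path becomes the normal one. I would try `random_bytes()` first (PHP 7+), keep mcrypt for older installs, and fail closed instead of falling back. If the fallback has to stay, it should at least be logged, and `base_convert(mt_rand(), 10, 16)` should be zero-padded so the salt has a fixed length. The body of `generate()` closes outside this hunk.

```php
// … unchanged: $randomSalt = ''; …
if (function_exists('random_bytes'))
{
    $randomSalt = bin2hex(random_bytes(256));
}
elseif (function_exists('mcrypt_create_iv'))
{
    $randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
}
else
{
    // fail closed: a predictable salt is worse than a visible setup error
    throw new Exception('no cryptographically secure random source available');
}
// … unchanged: self::$_salt assignment and return …
```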