mt_rand() is not secure from a cryptographic point of view, let's use openssl_random_pseudo_bytes() here

Lukas Reschke 2012-09-29 15:41:13 +02:00
parent 36f1c9b083
commit 992c2c9d4b
1 changed files with 2 additions and 1 deletions


@ -79,7 +79,8 @@ class OC_Setup {
}
//generate a random salt that is used to salt the local user passwords
$salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
$random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
$salt = bin2hex($random_bytes);
OC_Config::setValue('passwordsalt', $salt);
//write the config file
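Review bot: The `$cstrong` flag filled in by `openssl_random_pseudo_bytes(30, $cstrong)` is never read, and the return value goes straight into `bin2hex()`, so a failed or non-strong generation would still be stored as `passwordsalt` (on PHP versions where the call can return `false`, that becomes an empty salt). Check both before the `OC_Config::setValue('passwordsalt', $salt)` line, for example `if ($random_bytes === false || !$cstrong) { /* stop setup and report the error */ }`; how this method reports errors is not visible in the hunk, so the branch body has to follow the surrounding code. The call also assumes the openssl extension is loaded, which nothing in the visible lines verifies. The enclosing method starts and ends outside this hunk.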