mt_rand() is not secure from a cryptographic point of view, let's use openssl_random_pseudo_bytes() here
parent
36f1c9b083
commit
992c2c9d4b
|
@ -79,7 +79,8 @@ class OC_Setup {
|
||||||
}
|
}
|
||||||
|
|
||||||
//generate a random salt that is used to salt the local user passwords
|
//generate a random salt that is used to salt the local user passwords
|
||||||
$salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
|
$random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
|
||||||
|
$salt = bin2hex($random_bytes);
|
||||||
OC_Config::setValue('passwordsalt', $salt);
|
OC_Config::setValue('passwordsalt', $salt);
|
||||||
|
|
||||||
//write the config file
|
//write the config file
|
||||||
|
|
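Review bot: The `$cstrong` out-parameter on the `openssl_random_pseudo_bytes(30, $cstrong)` line is filled in but never read, and the return value is not checked either, so a failed or weak generation goes unnoticed. On PHP versions where the call can return `false`, `bin2hex($random_bytes)` yields an empty string and `passwordsalt` would be stored empty, leaving the local user passwords effectively unsalted. I would add a guard before the `bin2hex()` line, e.g. `if ($random_bytes === false || !$cstrong) { /* abort setup and report the error */ }`, using whatever error path the rest of the installer uses; that path is not visible here because the enclosing method starts and ends outside the hunk. It is also worth confirming that the openssl extension is a checked prerequisite of setup, since the function is undefined without it.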