Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#8325] - Drop the userspace PRNG, use random_compat

?
avatar paragonie-scott
paragonie-scott
8 Nov 2015

https://github.com/joomla/joomla-cms/blob/ec8a72f4cd0519786b9001dd3dd593131e7d32d2/libraries/joomla/crypt/crypt.php#L165-L246

When it comes to cryptography, there's basically no reason to not always use a CSPRNG.

PHP 7 ships with random_bytes() and random_int() for this exact purpose. For PHP 5 projects, check out the random_compat polyfill.

avatar paragonie-scott paragonie-scott - open - 8 Nov 2015
avatar mbabker mbabker - reference | 2116b1d - 9 Nov 15
avatar mbabker
mbabker - comment - 9 Nov 2015

See #8351

avatar zero-24 zero-24 - change - 9 Nov 2015
Category Libraries
avatar zero-24 zero-24 - change - 9 Nov 2015
Labels Added: ?
avatar mbabker mbabker - change - 11 Nov 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-11-11 01:39:46
Closed_By mbabker
avatar mbabker mbabker - close - 11 Nov 2015

Add a Comment

Login with GitHub to post a comment