From e7feca0e53d77a13745db865ae860ce7da184dee Mon Sep 17 00:00:00 2001
From: Sebastien SAUVAGE <sebsauvage@sebsauvage.net>
Date: Thu, 6 Feb 2014 22:33:55 +0100
Subject: [PATCH] Stronger server salt

ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
---
 lib/serversalt.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/lib/serversalt.php b/lib/serversalt.php
index c207df1..47bc554 100644
--- a/lib/serversalt.php
+++ b/lib/serversalt.php
@@ -39,8 +39,15 @@ class serversalt extends persistence
     public static function generate()
     {
         $randomSalt = '';
-        for($i=0; $i<16; ++$i) {
-            $randomSalt .= base_convert(mt_rand(), 10, 16);
+        if (function_exists('mcrypt_create_iv'))
+        {
+            $randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
+        }
+        else // fallback to mt_rand()
+        {
+            for($i = 0; $i < 16; ++$i) {
+                $randomSalt .= base_convert(mt_rand(), 10, 16);
+            }
         }
         self::$_salt = $randomSalt;
         return self::$_salt;