arno/privatebin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Stronger server salt

Browse Source 
ZeroBin now generates a much stronger salt. This fixes issue #68
(mentioned in section 2.1 of https://defuse.ca/audits/zerobin.htm)

(cherry picked from commit a24212afda90ca3e4b4ff5ce30d2012709b58a28)

Conflicts:
	lib/serversalt.php
	lib/vizhash16x16.php
This commit is contained in:
Sebastien SAUVAGE 2014-02-06 22:33:55 +01:00 committed by El RIDO
parent 4f72f04eda
commit e7feca0e53
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/serversalt.php
View File

@ -39,8 +39,15 @@ class serversalt extends persistence
public static function generate() public static function generate()
{ {
$randomSalt = ''; $randomSalt = '';
for($i=0; $i<16; ++$i) { if (function_exists('mcrypt_create_iv'))
$randomSalt .= base_convert(mt_rand(), 10, 16); {
$randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
}
else // fallback to mt_rand()
{
for($i = 0; $i < 16; ++$i) {
$randomSalt .= base_convert(mt_rand(), 10, 16);
}
} }
self::$_salt = $randomSalt; self::$_salt = $randomSalt;
return self::$_salt; return self::$_salt;