vcs.fsf.org Git - civicrm-core.git/commit

author	Tim Otten <totten@civicrm.org>
	Mon, 6 Apr 2020 06:33:55 +0000 (23:33 -0700)
committer	Seamus Lee <seamuslee001@gmail.com>
	Wed, 19 Aug 2020 06:16:45 +0000 (16:16 +1000)
commit	92a8ec76be683d3511a76b6a8dc095cc5138cd47
tree	0027e8469fe1714166b32961385a7b00e4f5895b	tree \| snapshot (zip tar.gz)
parent	972838edc485502031028f6fe01d35b3651e64b6	commit \| diff

CRM_Core_Key - Improve entropy of "privateKey"

In PHP 4/5, there was no good, universal source of entropy. The old code
mitigated this by aggregating mediocre sources. On my system, it appears
to be roughly:

* 2^31 for each `mt_rand()`
* 10^8 =~ 2^26 for each `uniqid(...TRUE)` (after discounting the non-random right half of the uniqid).

So that's ~114 bits (albeit low-quality bits).

In PHP 7, the docs describe `random_bytes()` as "generat[ing] cryptographically secure pseudo-random bytes."

CRM/Core/Key.php

diff | blob | blame | history

RSS Atom