dev/core#2370 - Installer - Bump up entropy for autogenerated cred keys
author Tim Otten <totten@civicrm.org>
Tue, 9 Feb 2021 10:51:05 +0000 (02:51 -0800)
committer Tim Otten <totten@civicrm.org>
Tue, 9 Feb 2021 10:51:05 +0000 (02:51 -0800)
This slightly expands the amount of entropy for certain auto-generated values.

Before
-----

~99% of generated values have >=232 bits

After
-----

~99% of generated values have >=260 bits

Technical details
--------

https://lab.civicrm.org/dev/core/-/issues/2370#note_53832

setup/plugins/installFiles/GenerateCredKey.civi-setup.php

index 8de7d8f56dda0c7479319d696b1924a8b17dab3f..33676d50557db23c7a6a2d24a2ada05a882d1a7b 100644 (file)
@@ -18,7 +18,7 @@ if (!defined('CIVI_SETUP')) {
     };
 
   if (empty($e->getModel()->credKeys)) {
-    $e->getModel()->credKeys = ['aes-cbc:hkdf-sha256:' . $toAlphanum(random_bytes(32))];
+    $e->getModel()->credKeys = ['aes-cbc:hkdf-sha256:' . $toAlphanum(random_bytes(37))];
   }
 
   if (is_string($e->getModel()->credKeys)) {
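Review bot: The literal 37 in the added `random_bytes(37)` line has no explanation in the code; the reason for it exists only in the commit message and the linked issue note. The commit message's own figures (32 input bytes giving roughly 232 bits or more, 37 giving roughly 260 or more) indicate that `$toAlphanum` yields fewer bits than the bytes fed in, so the extra bytes are there to keep the result above a target after conversion. A one-line comment above the assignment, or a named constant, stating that target and that the surplus offsets the alphanumeric conversion would stop a later reader from "tidying" the value back to 32. Since the stated figure is a ~99% bound rather than a guarantee, it is also worth considering a check on the converted string's length before it is stored in `credKeys`.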