From adb0a2e204cdab4b4c97de46cf8d9bbdec8493e3 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Sun, 5 Apr 2020 23:33:55 -0700
Subject: [PATCH] CRM_Core_Key - Improve entropy of "privateKey"

In PHP 4/5, there was no good, universal source of entropy.  The old code
mitigated this by aggregating mediocre sources.  On my system, it appears
to be roughly:

* 2^31 for each `mt_rand()`
* 10^8 =~ 2^26 for each `uniqid(...TRUE)` (after discounting the non-random right half of the uniqid).

So that's ~114 bits (albeit low-quality bits).

In PHP 7, the docs describe `random_bytes()` as "generat[ing] cryptographically secure pseudo-random bytes."
---
 CRM/Core/Key.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/CRM/Core/Key.php b/CRM/Core/Key.php
index 83317ac149..2bbaf593e5 100644
--- a/CRM/Core/Key.php
+++ b/CRM/Core/Key.php
@@ -17,6 +17,16 @@
  *
  */
 class CRM_Core_Key {
+
+  /**
+   * The length of the randomly-generated, per-session signing key.
+   *
+   * Expressed as number of bytes. (Ex: 128 bits = 16 bytes)
+   *
+   * @var int
+   */
+  const PRIVATE_KEY_LENGTH = 16;
+
   public static $_key = NULL;
 
   public static $_sessionID = NULL;
@@ -32,7 +42,7 @@ class CRM_Core_Key {
       $session = CRM_Core_Session::singleton();
       self::$_key = $session->get('qfPrivateKey');
       if (!self::$_key) {
-        self::$_key = md5(uniqid(mt_rand(), TRUE)) . md5(uniqid(mt_rand(), TRUE));
+        self::$_key = base64_encode(random_bytes(self::PRIVATE_KEY_LENGTH));
         $session->set('qfPrivateKey', self::$_key);
       }
     }
-- 
2.25.1