From c8e4fe01e4a21c3ddafe003984f80ade45a6c092 Mon Sep 17 00:00:00 2001 From: kink Date: Thu, 21 Aug 2008 11:32:11 +0000 Subject: [PATCH] make sure we've ran our own random seeder before using mt_rand git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13266 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- plugins/change_password/backend/ldap.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/plugins/change_password/backend/ldap.php b/plugins/change_password/backend/ldap.php index d325cb3c..a947ba0d 100644 --- a/plugins/change_password/backend/ldap.php +++ b/plugins/change_password/backend/ldap.php @@ -554,6 +554,7 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') { if ($forced_salt!='') { $salt=$forced_salt; } else { + sq_mt_randomize(); $salt = mhash_keygen_s2k( MHASH_MD5, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); } $ret = "{SMD5}".base64_encode( mhash( MHASH_MD5, $pass.$salt ).$salt ); @@ -594,6 +595,7 @@ function cpw_ldap_password_hash($pass,$crypto,&$msgs,$forced_salt='') { if ($forced_salt!='') { $salt=$forced_salt; } else { + sq_mt_randomize(); $salt = mhash_keygen_s2k( MHASH_SHA1, $pass, substr( pack( "h*", md5( mt_rand() ) ), 0, 8 ), 4 ); } $ret = "{SSHA}".base64_encode( mhash( MHASH_SHA1, $pass.$salt ).$salt ); -- 2.25.1