open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mt_rand() is not secure from a cryptographic point of view, let's use openssl_random_pseudo_bytes() here

Browse Source
remotes/origin/stable45
Lukas Reschke 14 years ago
parent 36f1c9b083
commit 992c2c9d4b
1 changed files with 2 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      lib/setup.php

3
lib/setup.php
Unescape View File

@ -79,7 +79,8 @@ class OC_Setup {
}
//generate a random salt that is used to salt the local user passwords
$salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
$random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
$salt = bin2hex($random_bytes);
OC_Config::setValue('passwordsalt', $salt);
//write the config file

Write Preview
Loading…
Cancel
Save