Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use random_bytes for random string generation #3946

Closed
MrPetovan opened this issue Nov 25, 2017 · 2 comments
Closed

Use random_bytes for random string generation #3946

MrPetovan opened this issue Nov 25, 2017 · 2 comments
Assignees
@MrPetovan
Labels
Enhancement Security
Milestone
3.6

Comments

@MrPetovan
Copy link
Collaborator

Since version 7, PHP provides a cryptographically secure random bytes generators with random_bytes(). It should replace the current homecooking we are doing in https://github.com/friendica/friendica/blob/develop/include/text.php#L51

Additionally, we can use the following polyfill for PHP < 7 and >= 5.4 : https://github.com/paragonie/random_compat

Related to #3942
@MrPetovan MrPetovan mentioned this issue Nov 25, 2017
Closed
4 tasks
@annando
Copy link
Collaborator

annando commented Nov 25, 2017

As long as this function can generate random strings of a given length, I totally support this.

@MrPetovan
Copy link
Collaborator Author

Sure it can, it’s its only parameter!

http://php.net/manual/en/function.random-bytes.php

This was referenced Nov 26, 2017
Merged
Merged
@MrPetovan MrPetovan self-assigned this Nov 26, 2017
@MrPetovan MrPetovan added this to the 3.6 milestone Mar 9, 2018
@MrPetovan MrPetovan changed the title Security: Use random_bytes for random string generation Use random_bytes for random string generation Mar 12, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MrPetovan MrPetovan

Labels
Enhancement Security
Projects
None yet
Milestone
3.6
Development

No branches or pull requests
2 participants
@annando @MrPetovan