Weak entropy for password generation #59
Comments
Well, mt_rand is used to generate the salt in SSHA and SMD5 passwords, not to generate passwords, so I don't see the real issue here. And the SMS token is not a crypto value, it is just a simple text token.
My bad about the hashes, I misread. But the SMS token is a cryptographic value that shouldn't be predictable by an attacker.
Could you give us an example of how to guess the SMS token?
This paper provides a nice overview of attacks against PHP's PRNG.
You might want to use openssl_random_pseudo_bytes instead. Or, as stated in PHP's documentation:
The userland implementation being random_compat |
Sorry, I mean php-mcrypt is required for PHP < 7.0 because random_bytes is not available. It seems openssl_random_pseudo_bytes does not produce cryptographically secure bytes for all PHP versions and should be avoided (see: issue, other). Thank you for pointing out random_compat. It looks like it is the best polyfill for random_bytes(). Extract from its code for discussion/convenience:
@coudot
The
I would prefer to use a standard PHP extension. We can indeed have checks on the PHP version and use the best cryptographic function depending on that.
Then please fail early and hard, instead of hiding a graceful degradation to unsafe primitives.
@coudot
Not covered by this proposition: SMS tokens.
Pros/cons vs random_compat:
@plewin, yes it can be a solution
Currently, some passwords are generated with mt_rand, which is a bad idea. This method is also used to generate SMS tokens, making them predictable.
As explained in the PHP documentation:
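To make the issue concrete, here is the weak mt_rand pattern the report describes beside a token generator built on PHP's CSPRNG functions, written to fail early and hard (as asked for in the thread) instead of falling back to mt_rand. This is an added example, not the project's own code: the function names (weak_sms_token, secure_sms_token, secure_reset_token, sms_token_matches) are illustrative assumptions, and it assumes PHP >= 7.0 or PHP 5.x with the random_compat polyfill loaded.

```php
<?php
// Added example (not the project's code). Contrasts mt_rand-based tokens with
// tokens drawn from random_int()/random_bytes() (PHP >= 7.0, or random_compat
// on 5.x). Function names are illustrative assumptions, not the project's API.

// Weak: mt_rand() is a Mersenne Twister seeded from a single 32-bit value.
// Anyone who can observe a few outputs (e.g. tokens sent to a phone they own)
// can brute-force the seed offline and reproduce every later token issued by
// the same process. The output is deterministic given the seed, as shown below.
function weak_sms_token($digits = 6)
{
    $token = '';
    for ($i = 0; $i < $digits; $i++) {
        $token .= (string) mt_rand(0, 9);
    }
    return $token;
}

// Hardened: random_int() draws from the OS CSPRNG and is uniform over
// [$min, $max]. There is deliberately no fallback to mt_rand(): without a
// CSPRNG we refuse to issue a token rather than silently issue a weak one.
function secure_sms_token($digits = 6)
{
    if (!function_exists('random_int')) {
        // PHP < 7.0 without random_compat loaded: fail early and hard.
        throw new RuntimeException('No CSPRNG available; refusing to generate SMS token');
    }
    $token = '';
    for ($i = 0; $i < $digits; $i++) {
        $token .= (string) random_int(0, 9);
    }
    return $token;
}

// Same approach for longer tokens (reset links, one-time URLs): raw CSPRNG
// bytes, hex-encoded. 32 bytes gives 256 bits of entropy.
function secure_reset_token($bytes = 32)
{
    if (!function_exists('random_bytes')) {
        throw new RuntimeException('No CSPRNG available; refusing to generate reset token');
    }
    return bin2hex(random_bytes($bytes));
}

// Validate with a constant-time comparison so the check does not leak how many
// leading characters of the supplied token were correct (hash_equals: PHP >= 5.6).
function sms_token_matches($expected, $supplied)
{
    return hash_equals((string) $expected, (string) $supplied);
}

// Demonstration of predictability: whoever knows (or recovers) the seed gets
// exactly the token the server handed out.
mt_srand(12345);                  // server process (or an attacker who recovered the seed)
$served = weak_sms_token();
mt_srand(12345);
$predicted = weak_sms_token();
var_dump($served === $predicted); // bool(true): same seed, same token sequence

echo secure_sms_token(), PHP_EOL;
echo secure_reset_token(), PHP_EOL;
var_dump(sms_token_matches('123456', '123456')); // bool(true)
var_dump(sms_token_matches('123456', '123457')); // bool(false)
```

The example intentionally does not use openssl_random_pseudo_bytes, for the reason given in the thread: on some PHP versions it can return bytes that are not cryptographically strong, and callers who ignore its $crypto_strong out-parameter get no warning. random_int()/random_bytes() throw when no secure source exists, which is the behaviour the "fail early and hard" comment asks for; the explicit function_exists() guard only exists to give a clear error on PHP 5.x installations where random_compat was not loaded.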