Use phpseclib's Crypt module to generate encryption keys

Signed-off-by: Michal Čihař <michal@cihar.com>
phpmyadmin · Jul 12, 2016 · 698ef51 · 698ef51
1 parent c976baa
commit 698ef51
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/libraries/config/ServerConfigChecks.class.php b/libraries/config/ServerConfigChecks.class.php
@@ -223,7 +223,12 @@ protected function performConfigChecksServersSetBlowfishSecret(
         $blowfishSecret, $cookieAuthServer, $blowfishSecretSet
     ) {
         if ($cookieAuthServer && $blowfishSecret === null) {
-            $blowfishSecret = uniqid('', true);
+            if (! function_exists('openssl_random_pseudo_bytes')) {
+                $blowfishSecret = bin2hex(phpseclib\Crypt\Random::string(16));
+            } else {
+                $blowfishSecret = bin2hex(openssl_random_pseudo_bytes(16));
+            }
+
             $blowfishSecretSet = true;
             $this->cfg->set('blowfish_secret', $blowfishSecret);
             return array($blowfishSecret, $blowfishSecretSet);