Change config.sample entry and use MediumSecurity

diff --git a/config/config.sample.php b/config/config.sample.php
index 1e876e688ff8cffc5cce0aa6334cb0837aaed775..b895f236c4a8c85e7914652d7c3cde439ac7f2ea 100755 (executable)
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -203,15 +203,17 @@ $CONFIG = array(
 
 /*
  * Length of sharing tokens and the resulting links.
- * This value defines how many possible sharing links there are, choosing a low value like 1 will make it easy to guess
+ * This value defines how many possible sharing links there are, choosing a low value like 3 will make it easy to guess
  * sharing links and will also limit the maximum number of shares. Behaviour after all tokens are used is undefined and
- * may result in breakage.
- * 1: Length of 4. Maximum of 65536 tokens. Links may look like this: example.com/s/1ekf
- * 2: Length of 8. Maximum of 2^32 tokens. Links may look like this: example.com/s/1z141z3
- * 3: (Default) Length of 16. Maximum of 2^64 tokens. Links may look like this: example.com/s/3w5e11264sgsf
- * 4: (Old default, but base36) Length of 32. Maximum of 2^128 tokens. Links may look like this: example.com/s/f5lxx1zz5pnorynqglhzmsp33
+ * may result in breakage. The minimum value is 3, the maximum value is 64. Default is 13. Some example values:
+ * Length of 3 (This value is not recommended). Maximum of 46656 tokens. Links may look like this: example.com/s/1ek
+ * Length of 8. Maximum of 2.8*10^12 tokens. Links may look like this: example.com/s/1z1a41z3
+ * Length of 13 (Default). Maximum of 1.7*10^20 tokens. Links may look like this: example.com/s/3w5e11264sgsf
+ * Length of 25 (Near old default). Maximum of 8*10^38 tokens. Links may look like this: example.com/s/f5lxx1zz5pnorynqglhzmsp33
+ * Length of 40. Maximum of 1.8*10^62 tokens. Links may look like this: example.com/s/8rnpuh6h4mnepp1hrnlicj80yxhyw8lq49gtid4n
+ * Length of 64. Maximum of 4*10^99 tokens. Links may look like this: example.com/s/i5yli3xmet7crsf2frc1o12ygsb824im9dmyikg45fvo3vym9tswzr0r4wmtgx7i
  */
-"sharing_token_length" => 3,
+"sharing_token_length" => 13,
 
 /*
  * Configure the size in bytes log rotation should happen, 0 or false disables the rotation.

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index 5bebd16a9b4d12cac1c4409e5da33704407681f0..658eaeb3a416dffaf1b6bfb62862fcd13c4e95d4 100644 (file)
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -646,7 +646,7 @@ class Share extends \OC\Share\Constants {
                                        if ($tokenLength < 3 || $tokenLength > 64) {
                                                $tokenLength = 13;
                                        }
-                                       $token = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate($tokenLength,
+                                       $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate($tokenLength,
                                                \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS
                                        );
                                }