author | Lukas Reschke <lukas@statuscode.ch> | 2012-09-29 15:41:13 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-09-29 15:41:13 +0200 |
commit | 992c2c9d4bc20db1dc8170dcc60dc4438dc55eb0 (patch) | |
tree | 1b9cfb83b912d55c4766f7561dedbc63233793ee /lib/setup.php | |
parent | 36f1c9b0835bd7118dc7d8aba4b4c56c6d922b09 (diff) | |
download | nextcloud-server-992c2c9d4bc20db1dc8170dcc60dc4438dc55eb0.tar.gz nextcloud-server-992c2c9d4bc20db1dc8170dcc60dc4438dc55eb0.zip |
mt_rand() is not secure from a cryptographic point of view, let's use openssl_random_pseudo_bytes() here
Diffstat (limited to 'lib/setup.php')
-rw-r--r-- | lib/setup.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/setup.php b/lib/setup.php
index c21c8be3957..6d8430c1036 100644
--- a/lib/setup.php
+++ b/lib/setup.php
@@ -79,7 +79,8 @@ class OC_Setup {
 }
 //generate a random salt that is used to salt the local user passwords
- $salt=mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000).mt_rand(1000,9000);
+ $random_bytes = openssl_random_pseudo_bytes(30, $cstrong);
+ $salt = bin2hex($random_bytes);
 OC_Config::setValue('passwordsalt', $salt);
 //write the config file |
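Review bot: `$cstrong` is filled in by `openssl_random_pseudo_bytes(30, $cstrong)` but never read, so a failed or non-strong generation is still written to `passwordsalt`; if the call returns `false`, `bin2hex()` would most likely produce an empty string and the salt would silently be empty. The two added lines should be followed by a guard such as `if ($random_bytes === false || $cstrong !== true) { /* abort setup with an error */ }` before `OC_Config::setValue('passwordsalt', $salt);`. Whether setup verifies earlier that the OpenSSL extension is loaded is not visible here; if it does not, this call is a fatal error on installs without the extension. The enclosing method of `OC_Setup` starts and ends outside the hunk.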