[TYPO3-core] RFC #9852: Feature: Provide a random byte generator in TYPO3 Core
Marcus Krause
marcus#exp2008 at t3sec.info
Sat Nov 29 05:27:02 CET 2008
Dmitry Dulepov wrote on 28.11.2008 at 14:59:
> Hi!
>
> Marcus Krause wrote:
>> Yes it's a fallback and documented as such.
>>
>> As Dmitry is using a similar implementation for OpenID, it shows the
>> need for such a function.
>>
>> I will check which implementation (this patch or Dmitry's OpenID stuff)
>> provides a greater entropy.

After looking into the differences between the OpenID implementation and
this patch, I highly recommend using this patch as it provides greater
entropy.

>> 9852_v2.diff has a small bug; $output has to be set to an empty string
>> before the /dev/urandom test as the fallback concats $output
>
> By default it will be empty... But we can add this assignment, yes.
> This will also prevent PHP notice.

Attached is v3 of the patch. I added the assignment at the top of the
function. I also replaced the md5 hashing function with sha1.

Marcus.
--
Member TYPO3 Security Team
Jabber: mkrau at jabber.tu-clausthal.de
Skype: magkes
Phone: +49-5323-996034
Mobile: +49-176-20315369
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 9852_v3.diff
Type: text/x-diff
Size: 1300 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20081129/21c93ea6/attachment.diff