[TYPO3-core] RFC: Feature #10131: Use TYPO3 encryption key in initial state of random byte generation
Marcus Krause
marcus#exp2009 at t3sec.info
Wed Feb 11 16:25:02 CET 2009
Marcus Krause schrieb am 01/14/2009 12:00 PM Uhr:
> Hi!
>
> This is an SVN patch request.
>
> Type: feature
>
> Branches: trunk
>
> Bugtracker reference: http://bugs.typo3.org/view.php?id=10131
>
>
> Problem:
> Function t3lib_div::generateRandomBytes() (fallback part for OS windows)
> could be improved when using TYPO3's encryption key to create a (more
> unpredictable) initial state.
> Besides due to md5()'s shorter length in contrary to sha1(), we should
> use md5() to get as much timestamps as possible in the resulting byte
> stream.
(Last) Reminder #3
FYI: I'm not going to send a further one. (Btw, 4.0, 4.1 and 4.2 are
already using the new version back-ported as security fix.)
Marcus.
More information about the TYPO3-team-core
mailing list