[TYPO3-core] RFC: Feature #10131: Use TYPO3 encryption key in initial state of random byte generation
Marcus Krause
marcus#exp2009 at t3sec.info
Wed Jan 14 12:00:44 CET 2009
Hi!
This is an SVN patch request.
Type: feature
Branches: trunk
Bugtracker reference: http://bugs.typo3.org/view.php?id=10131
Problem:
Function t3lib_div::generateRandomBytes() (fallback part for OS windows)
could be improved when using TYPO3's encryption key to create a (more
unpredictable) initial state.
Besides due to md5()'s shorter length in contrary to sha1(), we should
use md5() to get as much timestamps as possible in the resulting byte
stream.
Solution:
Use TYPO3 encryption key and replace sha1() calls with md5().
Furthermore, patch enhances initial state with a microtime() call.
Notes:
At line 1726 a trailing whitespace will be removed too.
Marcus.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 10131.diff
Type: text/x-diff
Size: 1096 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20090114/347b3c85/attachment.diff
More information about the TYPO3-team-core
mailing list