author | Malf Furious <m@lfurio.us> | 2016-01-30 20:48:14 -0500 |
---|---|---|
committer | Malf Furious <m@lfurio.us> | 2016-01-30 20:48:14 -0500 |
commit | b6bb1893ad7b4a901a28b0fa2e725141a7b39509 (patch) | |
tree | 9e289d252bff59205ce93450556ef9df5028b1c8 | |
parent | bad5036569b3c572f60dae034c42a8129adc29e5 (diff) | |
Update app source of entropy for creating random blobs
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy.
Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
Diffstat (limited to '')
-rw-r--r-- | app/class/object.class.php | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 93b52f0..96cc810 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -214,13 +214,20 @@ abstract class Object extends Framework
 {
 do
 {
- $sha = hash("sha256", rand());
- $guid = substr($sha, 0, 8);
+ $guid = substr($this->getBlob(), 0, 8);
 }
 while ($this->isGUID($guid));
 return $guid;
 }
+
+ /*
+ * Get a random sha256 blob
+ */
+ function getBlob()
+ {
+ return hash("sha256", openssl_random_pseudo_bytes(64));
+ }
 }
 /* |
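Review bot: getBlob() feeds the result of openssl_random_pseudo_bytes(64) straight into hash() without checking it, so on PHP versions where that call can return false or report a non-strong source, the salts and tokens named in the commit message would be derived from constant or weak input. Capture the second argument and fail closed, e.g. `$bytes = openssl_random_pseudo_bytes(64, $strong);` followed by `if ($bytes === false || !$strong) throw new Exception("No strong random source");` before hashing; where PHP 7 is available, `random_bytes(64)` throws on failure by itself. The GUID path still keeps only the first 8 hex characters (32 bits) of the blob, which is adequate for uniqueness given the isGUID() loop but should not be relied on as unguessable. The method containing the do/while loop starts above the hunk, so its name and callers are not visible here.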