authorMalf Furious <m@lfurio.us>2016-01-30 20:48:14 -0500
committerMalf Furious <m@lfurio.us>2016-01-30 20:48:14 -0500
commitb6bb1893ad7b4a901a28b0fa2e725141a7b39509 (patch)
tree9e289d252bff59205ce93450556ef9df5028b1c8 /app/class
parentbad5036569b3c572f60dae034c42a8129adc29e5 (diff)
downloadscrott-b6bb1893ad7b4a901a28b0fa2e725141a7b39509.tar.gz
scrott-b6bb1893ad7b4a901a28b0fa2e725141a7b39509.zip
Update app source of entropy for creating random blobs
Removed use of PHP's rand() function in favor of openssl extension's openssl_random_pseudo_bytes() to create blobs with better entropy. Created function getBlob (from class Object) to get a sha256 hash created from randomness for use as object GUIDs, password salts, application tokens, etc.
Diffstat (limited to 'app/class')
-rw-r--r--app/class/object.class.php11
1 files changed, 9 insertions, 2 deletions
diff --git a/app/class/object.class.php b/app/class/object.class.php
index 93b52f0..96cc810 100644
--- a/app/class/object.class.php
+++ b/app/class/object.class.php
@@ -214,13 +214,20 @@ abstract class Object extends Framework
{
do
{
- $sha = hash("sha256", rand());
- $guid = substr($sha, 0, 8);
+ $guid = substr($this->getBlob(), 0, 8);
}
while ($this->isGUID($guid));
return $guid;
}
+
+ /*
+ * Get a random sha256 blob
+ */
+ function getBlob()
+ {
+ return hash("sha256", openssl_random_pseudo_bytes(64));
+ }
}
/*
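Review bot: getBlob() feeds the result of openssl_random_pseudo_bytes(64) straight into hash() without checking it. On PHP versions before 8.0 the call can return false, and its optional second by-reference argument reports whether a cryptographically strong source was used; a false result would be hashed as an empty string, so every blob would come out identical and the GUID loop above would presumably never terminate once that value is taken. Since the commit message says these blobs also serve as password salts and application tokens, the failure should be explicit: `$bytes = openssl_random_pseudo_bytes(64, $strong);` then `if ($bytes === false || !$strong) { throw new Exception("no strong randomness available"); }` before `return hash("sha256", $bytes);`. The doc comment could also state that the return value is a 64-character lowercase hex string, of which the GUID caller keeps only the first 8 characters.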