the-djmaze/snappymail
1
1
Fork 0
mirror of https://github.com/the-djmaze/snappymail.git synced 2025-01-02 21:12:02 +08:00
Code Issues Projects Releases Packages Wiki Activity

Use cryptographically secure random number generator for APP_SALT when available

Browse source
This commit is contained in:
Peter Linss 2019-11-19 16:48:40 -08:00
parent ba8bf15b4c
commit a7f03d101c
No known key found for this signature in database
GPG key ID: 0ED32B6657FA9FE0
1 changed files with 15 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
rainloop/v/0.0.0/include.php
View file

@ -126,13 +126,22 @@
if (false === $sSalt)
{
// random salt
$sSalt = '<'.'?php //'
.md5(microtime(true).rand(1000, 5000))
.md5(microtime(true).rand(5000, 9999))
.md5(microtime(true).rand(1000, 5000));
if (function_exists('random_bytes'))
{ // secure random salt
$sSalt = bin2hex(random_bytes(48));
}
elseif (function_exists('openssl_random_pseudo_bytes'))
{ // not-quite as secure random salt
$sSalt = bin2hex(openssl_random_pseudo_bytes(48));
}
else
{ // pseudo-random salt
$sSalt = md5(microtime(true).rand(1000, 5000))
.md5(microtime(true).rand(5000, 9999))
.md5(microtime(true).rand(1000, 5000));
}
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', $sSalt);
@file_put_contents(APP_DATA_FOLDER_PATH.'SALT.php', '<'.'?php //'.$sSalt);
}
define('APP_SALT', md5($sSalt.APP_PRIVATE_DATA_NAME.$sSalt));