Ticket #320 (fixed enhancement)
Create a "more random" random function
- Created: 2011-02-25 18:27:08
- Reported by: Reines
- Assigned to: Reines
- Milestone: 2.0-alpha1
- Component: security
- Priority: normal
For security related aspects such as generating salts or session IDs we should make use of a more secure random generator - possibly reading from /dev/urandom if it exists, for example.
Franz 2011-04-06 09:43:09
I see you added a function in your new password module. Any way we could use that function for this ticket, too? I don't see how we could only implement it once and still avoid unwanted dependencies in either direction, though.
Reines 2011-04-06 09:55:22
- Owner set to Reines.
Yes I was aiming to use it for this ticket - I don't really see where the dependency problems are, the API module will need to depend on the Password module, but that should be it?
Reines 2011-04-06 10:12:33
- Status changed from open to fixed.
Okay this should now be implemented in the PasswordHash class.
Franz 2011-04-06 10:17:36
Ok, I didn't realize this function was only going to be used for password hashing etc.
Reines 2011-04-06 10:20:16
All it should be needed for is generating salts, random passwords, and session IDs - all of which should be part of the API module.
Franz 2011-04-06 10:23:22
Ah, well, in that case...