Ticket #320 (fixed enhancement)
Create a "more random" random function
- Created: 2011-02-25 18:27:08
- Reported by: Reines
- Assigned to: Reines
- Milestone: 2.0-alpha1
- Component: security
- Priority: normal
For security related aspects such as generating salts or session IDs we should make use of a more secure random generator - possibly reading from /dev/urandom if it exists, for example.
History
Franz 2011-04-06 09:43:09

I see you added a function in your new password module. Any way we could use that function for this ticket, too? I don't see how we could only implement it once and still avoid unwanted dependencies in either direction, though.
Reines 2011-04-06 09:55:22

- Owner set to Reines.
Yes I was aiming to use it for this ticket - I don't really see where the dependency problems are, the API module will need to depend on the Password module, but that should be it?
Reines 2011-04-06 10:12:33

- Status changed from open to fixed.
Okay this should now be implemented in the PasswordHash class.
Franz 2011-04-06 10:17:36

Ok, I didn't realize this function was only going to be used for password hashing etc.
Reines 2011-04-06 10:20:16

All it should be needed for is generating salts, random passwords, and session IDs - all of which should be part of the API module.