Ticket #320 (fixed enhancement)

Create a "more random" random function

  • Created: 2011-02-25 18:27:08
  • Reported by: Reines
  • Assigned to: Reines
  • Milestone: 2.0-alpha1
  • Component: security
  • Priority: normal

For security-related aspects such as generating salts or session IDs we should make use of a more secure random generator - possibly reading from /dev/urandom if it exists, for example.
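The approach proposed in the ticket, sketched as an added example (this is not the project's PasswordHash code; Python and the names `random_bytes`, `new_salt` and `new_session_id` are assumptions made for illustration). It reads /dev/urandom when the path exists and otherwise asks the operating system's CSPRNG, never a seeded PRNG:

```python
import base64
import os

URANDOM = "/dev/urandom"  # path named in the ticket


def random_bytes(n, source=URANDOM):
    """Return n bytes from the kernel CSPRNG (hypothetical helper).

    Reads `source` when it exists, otherwise falls back to os.urandom(),
    which asks the OS for the same kind of randomness. There is no
    fallback to a seeded PRNG such as random.random().
    """
    if n <= 0:
        raise ValueError("n must be positive")
    if os.path.exists(source):
        buf = b""
        # buffering=0: do not pull more kernel randomness than requested
        with open(source, "rb", buffering=0) as f:
            while len(buf) < n:  # a single read may return fewer bytes
                chunk = f.read(n - len(buf))
                if not chunk:
                    raise OSError("short read from " + source)
                buf += chunk
        return buf
    return os.urandom(n)


def new_salt(n_bytes=16):
    """Salt as hex text, two characters per random byte."""
    return random_bytes(n_bytes).hex()


def new_session_id(n_bytes=32):
    """URL- and cookie-safe session ID carrying n_bytes of randomness."""
    raw = random_bytes(n_bytes)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
```
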

History

Franz 2011-04-06 09:43:09

I see you added a function in your new password module. Any way we could use that function for this ticket, too? I don't see how we could only implement it once and still avoid unwanted dependencies in either direction, though.

Reines 2011-04-06 09:55:22

  • Owner set to Reines.

Yes, I was aiming to use it for this ticket - I don't really see where the dependency problems are. The API module will need to depend on the Password module, but that should be it?

Reines 2011-04-06 10:12:33

  • Status changed from open to fixed.

Okay, this should now be implemented in the PasswordHash class.

Franz 2011-04-06 10:17:36

Ok, I didn't realize this function was only going to be used for password hashing etc.

Reines 2011-04-06 10:20:16

All it should be needed for is generating salts, random passwords, and session IDs - all of which should be part of the API module.

Franz 2011-04-06 10:23:22

Ah, well, in that case... wink