[Tickets #8425] Re: Poor salt generation for crypt-*
bugs at horde.org
bugs at horde.org
Sun Jul 12 02:22:36 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8425
------------------------------------------------------------------------------
Ticket | 8425
Updated By | lowzl at hotmail.com
Summary | Poor salt generation for crypt-*
Queue | Horde Framework Packages
Version | Git master
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
lowzl at hotmail.com (2009-07-11 22:22) wrote:
A similar thing should be fine -
substr(base64_encode(hash('md5', mt_rand(), true)), 0, 2) for example.
(It would be best to not use a MD5 at all and just use the random
numbers directly, but I'm not sure how to do that.) I don't know what
the salt requirements for crypt-blowfish are.
More information about the bugs
mailing list