[Tickets #7447] Re: Audit for inappropriate use of mt_rand()
bugs at horde.org
bugs at horde.org
Mon Apr 4 22:04:12 UTC 2011
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7447
------------------------------------------------------------------------------
Ticket | 7447
Updated By | Jan Schneider <jan at horde.org>
Summary | Audit for inappropriate use of mt_rand()
Queue | Horde Base
Version | Git master
Type | Bug
State | Assigned
Priority | 2. Medium
Milestone | 4.0
Patch |
Owners | Horde Developers, Chuck Hagenbuch
------------------------------------------------------------------------------
Jan Schneider <jan at horde.org> (2011-04-04 22:04) wrote:
In Horde_Auth::getSalt(), we always use an MD5 hash as the basis for
the salt, unless a seed is specified. What I don't get is, why we
sometimes hash mt_rand() directly, and sometimes 2 or 3 calls to
mt_rand(), converted to hex strings?
More information about the bugs
mailing list