improve salt generation for crypt-md5 passwords (lowzl@hotmail.com, Bug #8425)

author Chuck Hagenbuch <chuck@horde.org>

Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)

committer Chuck Hagenbuch <chuck@horde.org>

Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)
author Chuck Hagenbuch <chuck@horde.org>
Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)
committer Chuck Hagenbuch <chuck@horde.org>
Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)
diff --git a/framework/Auth/lib/Horde/Auth.php b/framework/Auth/lib/Horde/Auth.php

index 8ac3d75..924e4ea 100644 (file)
--- a/framework/Auth/lib/Horde/Auth.php
+++ b/framework/Auth/lib/Horde/Auth.php
@@ -249,7 +249,7 @@ class Horde_Auth
          case 'crypt-md5':
              return $seed
                  ? substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12)
-                : '$1$' . substr(hash('md5', mt_rand()), 0, 8) . '$';
+                : '$1$' . base64_encode(hash('md5', sprintf('%08X%08X', mt_rand(), mt_rand()), true)) . '$';
  
          case 'crypt-blowfish':
              return $seed
author	Chuck Hagenbuch <chuck@horde.org>
	Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)
committer	Chuck Hagenbuch <chuck@horde.org>
	Mon, 20 Jul 2009 18:10:13 +0000 (14:10 -0400)