From e57680006a7a0c33f08a94e05ebf7c69b486d401 Mon Sep 17 00:00:00 2001
From: Chuck Hagenbuch <chuck@horde.org>
Date: Mon, 20 Jul 2009 14:10:13 -0400
Subject: [PATCH] improve salt generation for crypt-md5 passwords
 (lowzl@hotmail.com, Bug #8425)

---
 framework/Auth/lib/Horde/Auth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/framework/Auth/lib/Horde/Auth.php b/framework/Auth/lib/Horde/Auth.php
index 8ac3d7571..924e4eafa 100644
--- a/framework/Auth/lib/Horde/Auth.php
+++ b/framework/Auth/lib/Horde/Auth.php
@@ -249,7 +249,7 @@ class Horde_Auth
         case 'crypt-md5':
             return $seed
                 ? substr(preg_replace('|^{crypt}|i', '', $seed), 0, 12)
-                : '$1$' . substr(hash('md5', mt_rand()), 0, 8) . '$';
+                : '$1$' . base64_encode(hash('md5', sprintf('%08X%08X', mt_rand(), mt_rand()), true)) . '$';
 
         case 'crypt-blowfish':
             return $seed
-- 
2.11.0