From 462ac62c861e56e9fa7e108b9e0f4318259fe90d Mon Sep 17 00:00:00 2001
From: Roland Gruber <post@rolandgruber.de>
Date: Thu, 2 Oct 2003 17:54:04 +0000
Subject: [PATCH] use /dev/random for IV+KEY if possible

---
 lam/templates/login.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/lam/templates/login.php b/lam/templates/login.php
index a9cfd30f..9326ca98 100644
--- a/lam/templates/login.php
+++ b/lam/templates/login.php
@@ -32,9 +32,19 @@ function display_LoginPage($config_object,$profile)
 {
 	global $error_message;
 	// generate 256 bit key and initialization vector for user/passwd-encryption
-	srand((double)microtime()*1234567);
-	$key = mcrypt_create_iv(32, MCRYPT_RAND);
-	$iv = mcrypt_create_iv(32, MCRYPT_RAND);
+	// check if we can use /dev/random otherwise use /dev/urandom or rand()
+	$key = @mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+	if (! $key) $key = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
+	if (! $key) {
+		srand((double)microtime()*1234567);
+		$key = mcrypt_create_iv(32, MCRYPT_RAND);
+	}
+	$iv = @mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
+	if (! $iv) $iv = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
+	if (! $iv) {
+		srand((double)microtime()*1234567);
+		$iv = mcrypt_create_iv(32, MCRYPT_RAND);
+	}
 
 	// save both in cookie
 	setcookie("Key", base64_encode($key), 0, "/");