WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

use /dev/random for IV+KEY if possible

This commit is contained in:
Roland Gruber 2003-10-02 17:54:04 +00:00
parent 0516036e15
commit 462ac62c86
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lam/templates/login.php
View File

@ -32,9 +32,19 @@ function display_LoginPage($config_object,$profile)
{ {
global $error_message; global $error_message;
// generate 256 bit key and initialization vector for user/passwd-encryption // generate 256 bit key and initialization vector for user/passwd-encryption
// check if we can use /dev/random otherwise use /dev/urandom or rand()
$key = @mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
if (! $key) $key = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
if (! $key) {
srand((double)microtime()*1234567); srand((double)microtime()*1234567);
$key = mcrypt_create_iv(32, MCRYPT_RAND); $key = mcrypt_create_iv(32, MCRYPT_RAND);
}
$iv = @mcrypt_create_iv(32, MCRYPT_DEV_RANDOM);
if (! $iv) $iv = @mcrypt_create_iv(32, MCRYPT_DEV_URANDOM);
if (! $iv) {
srand((double)microtime()*1234567);
$iv = mcrypt_create_iv(32, MCRYPT_RAND); $iv = mcrypt_create_iv(32, MCRYPT_RAND);
}
// save both in cookie // save both in cookie
setcookie("Key", base64_encode($key), 0, "/"); setcookie("Key", base64_encode($key), 0, "/");