Support random_bytes() as an additional randomness source
#6
Conversation
| @@ -0,0 +1,28 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
Your editors configuration directory should not be added to project. Please modifiy this PR so that it only contains the actual feature changes/additions. You've probably added this by mistake, using a global .gitignore file will help. https://help.github.com/en/articles/ignoring-files#create-a-global-gitignore
composer.json
Outdated
| @@ -1,5 +1,5 @@ | |||
| { | |||
| "name": "atelierdisko/coupon_code", | |||
| "name": "HYP3/coupon_code", | |||
There was a problem hiding this comment.
There should be no changes to the composer.json file necessary. I guess this is a leftover from local development.
| * @param integer $bytes Number of bytes to return. | ||
| * @return string | ||
| * @throws Exception | ||
| */ |
There was a problem hiding this comment.
Don't change the identation style
| protected function _random($bytes) { | ||
| if (is_readable('/dev/urandom')) { |
There was a problem hiding this comment.
If you run into openbasedir issues with this line, than your openbasedir configuration needs to be changed as it is too strict. It is safe to generally include /dev/urandom.
| $stream = fopen('/dev/urandom', 'rb'); | ||
| $result = fread($stream, $bytes); | ||
| //if (is_readable('/dev/urandom')) { | ||
| if ($fh = @fopen('/dev/urandom', 'rb')) { |
There was a problem hiding this comment.
Errors should not be surpressed.
| if (function_exists('mcrypt_create_iv')) { | ||
| return mcrypt_create_iv($bytes, MCRYPT_DEV_RANDOM); | ||
| return random_bytes($bytes); |
There was a problem hiding this comment.
This line will not be reachable unless the mcrypt extension is installed, which is not what you want. How about adding a similar block as a first possible source of randomness in our _random() method here? That'd come before the check for using /dev/urandom. Before being able to use random_bytes() check if the function is present, older PHP versions may not have it and we still want to support those.
mariuswilms
changed the title
random_bytes() as an additional randomness source
…ith random_bytes
…ith random_bytes
No description provided.