Improve quality of generated seed, avoid potential security pitfall #747

Closed

@xelan (Contributor) commented Sep 17, 2024

  • Try to use random_bytes() first if it's available
  • Do not include the server parameters in the generated seed, as they might contain sensitive data

As all current usages of getRandomSeed() directly hash the seed, there should be no BC breaking changes.

The main source of entropy is more than enough on its own if random_bytes() or openssl_random_pseudo_bytes() are available.
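
A sketch of the source ordering described in this pull request, added here as an illustration and not taken from the project's code. The function names `example_random_seed()` and `example_hashed_seed()` are hypothetical, and failing closed when neither source is available is a choice made for this example.

```php
<?php
// Added illustration: names are hypothetical, this is not the project's code.

/**
 * Return 32 bytes of seed material from the best available CSPRNG.
 * Nothing from $_SERVER is mixed in, so request headers, cookies and
 * environment values cannot end up in (or be inferred from) the seed.
 */
function example_random_seed()
{
    // Preferred source: random_bytes() (PHP 7+), backed by the OS CSPRNG.
    if (function_exists('random_bytes')) {
        try {
            return random_bytes(32);
        } catch (Exception $e) {
            // No secure source behind random_bytes(); try OpenSSL next.
        }
    }
    // Second choice: OpenSSL. Accept the bytes only when the call
    // succeeded and reported a cryptographically strong result.
    if (function_exists('openssl_random_pseudo_bytes')) {
        try {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(32, $strong);
            if ($bytes !== false && $strong === true) {
                return $bytes;
            }
        } catch (Exception $e) {
            // PHP 8 throws on failure instead of returning false.
        }
    }
    // Assumption for this example: fail closed rather than fall back
    // to timestamps, PIDs or request data.
    throw new RuntimeException('No CSPRNG available for seed generation');
}

/**
 * Caller pattern the description relies on: the raw seed is hashed at
 * once, so callers depend only on the digest's format, not the seed's.
 */
function example_hashed_seed()
{
    return hash('sha256', example_random_seed());
}

// Demo: compare two independently generated digests.
$a = example_hashed_seed();
$b = example_hashed_seed();
var_dump(strlen($a) === 64, $a !== $b);
```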

@xelan xelan force-pushed the bugfix/improve-random-seed-security branch from 3d14084 to 022689a Compare September 17, 2024 14:07
@nicolaasuni (Member) commented:

OK - Manually merged: #755
