Homec4science
Diffusion libphutil 691bd2de5908

Use weak but dependency-free entropy source in PhutilOpaqueEnvelope
691bd2de5908
Actions

Authored by epriestley <git@epriestley.com> on Jan 21 2013, 10:30.

Description

Use weak but dependency-free entropy source in PhutilOpaqueEnvelope

Summary:
If PHP doesn't have access to /dev/urandom, we currently fatal here before we can get to the setup check for it.

To avoid this, use a weaker random source. This doesn't need to be a strong random source, since it's only protecting against accidental disclosure through logs, etc.

Test Plan:

  • Dumped the resulting key and verified it "looked" random.
  • Dumped a bunch of them to a file and gzipped it, verified it got larger.
  • Had user in question apply patch and verified he got to the /dev/urandom setup check ("open_basedir configured crazy").

Reviewers: vrana, btrahan, asherkin

Reviewed By: asherkin

CC: aran

Differential Revision: https://secure.phabricator.com/D4561

Details

Committed
epriestley <git@epriestley.com>Jan 21 2013, 10:30
Pushed
aubortMar 17 2017, 12:03
Parents
rPHU27e9eb89e490: Enable console "log" channel when processing --trace in daemons
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHU691bd2de5908: Use weak but dependency-free entropy source in PhutilOpaqueEnvelope (authored by epriestley <git@epriestley.com>).Jan 21 2013, 10:30

Changes (1)

Path
Msrc/error/PhutilOpaqueEnvelopeKey.php

rPHU691bd2de5908

View Options

src/error/PhutilOpaqueEnvelopeKey.php

Loading...
c4science ยท Help