| Package home | Report new bug | New search | Development Roadmap | Status: Open | Feedback | All | Closed Since Version 1.5.6 |
| Bug #14673 | Security issue due to seeding random number generator | ||
|---|---|---|---|
| Submitted: | 2008-09-21 16:08 UTC | ||
| From: | cweiske | Assigned: | dufuz |
| Status: | Closed | Package: | Cache (version 1.5.5RC4) |
| PHP Version: | 4.3.0 | OS: | |
| Roadmaps: | (Not assigned) | ||
[2008-09-21 16:08 UTC] cweiske
(Christian Weiske)
Description:
------------
The package lowers the security of randomly generated numbers by seeding the random number generator by itself. Please remove the [mt_]srand() call from the code. Manual seeding is not required since php 4.2.0, so this is safe.
For more information, read:
http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
http://news.php.net/php.pear.dev/50791
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
Comments
[2008-10-07 09:01 UTC] dufuz
(Helgi Þormar Þorbjörnsson)
This bug has been fixed in CVS.
If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET).
If this was a problem with the pear.php.net website, the change should be live shortly.
Otherwise, the fix will appear in the package's next release.
Thank you for the report and for helping us make PEAR better.