
Bug #14675 Security issue due to seeding random number generator
Submitted: 2008-09-21 16:09 UTC
From: cweiske Assigned: cweiske
Status: Closed Package: HTML_Crypt (version 1.3.2)
PHP Version: Irrelevant OS:
Roadmaps: (Not assigned)    
 [2008-09-21 16:09 UTC] cweiske (Christian Weiske)
Description:
------------
The package lowers the security of randomly generated numbers by seeding the random number generator by itself.

Please remove the [mt_]srand() call from the code. Manual seeding is not required since php 4.2.0, so this is safe.

For more information, read:
http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
http://news.php.net/php.pear.dev/50791
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
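
The effect described in the report, as an added illustration that is not code from HTML_Crypt or from the reporter. The function names and the microsecond-based seed expression are assumptions (the package's actual seeding code is not shown on this page); random_int() requires PHP 7 or later.

```php
<?php
// Added example. Function names and the seed expression are hypothetical;
// the page does not show HTML_Crypt's actual seeding code.

// The pattern the report asks to remove: library code reseeds PHP's shared
// Mersenne Twister. A microsecond-derived seed has at most 1,000,000 values.
function token_self_seeded(int $len, ?int $seed = null): string
{
    $seed = $seed ?? (int) (fmod(microtime(true), 1.0) * 1000000);
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= chr(mt_rand(97, 122)); // 'a'..'z'
    }
    return $out;
}

// The requested fix: no seeding call. PHP seeds the generator itself.
function token_unseeded(int $len): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= chr(mt_rand(97, 122));
    }
    return $out;
}

// For security-sensitive values on PHP 7+, draw from the OS CSPRNG instead.
function token_csprng(int $len): string
{
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= chr(random_int(97, 122));
    }
    return $out;
}

// Constructed seed: the same seed reproduces the same token, so the token
// space is no larger than the seed space.
$same = token_self_seeded(16, 123456) === token_self_seeded(16, 123456);

// Side effect: the reseed also fixes what every later mt_rand() caller in
// the same request receives.
token_self_seeded(4, 42); $next1 = mt_rand();
token_self_seeded(4, 42); $next2 = mt_rand();

var_dump($same, $next1 === $next2);
echo token_unseeded(16), "\n", token_csprng(16), "\n";
```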

Comments

 [2008-09-21 16:19 UTC] cweiske (Christian Weiske)
Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/HTML_Crypt