Merge pull request #1 from ComaVN/master
use Cryptographically secure mcrypt rng instead of mt_rand, if possible
Roderik van der Veer committed Jun 6, 2015
2 parents 551d48f + aa0b378 commit f17e1ed
Showing 1 changed file with 17 additions and 2 deletions.
19 changes: 17 additions & 2 deletions PWGen.php
@@ -327,10 +327,25 @@ private function pw_rand() {

/**
* Generate a random number n, where $min <= n < $max
* Mersenne Twister is used as an algorithm
* mcrypt's RNG is used if the mcrypt extension has been installed.
* Mersenne Twister is used as a cryptographically insecure fallback algorithm.
*/
public static function my_rand($min=0, $max=0) {
return mt_rand($min, $max);
if ($min > $max) {
return false;
}
if (function_exists('mcrypt_create_iv')) {
$rnd = unpack('L',mcrypt_create_iv(4,MCRYPT_DEV_URANDOM));
// Because you can't unpack an unsigned long on a 32bit system (or rather, you can,
// but it won't be unsigned), we need to clear the sign bit. mt_getrandmax() seems to
// be 2147483647 (0x7FFFFFFF) on all platforms I've tested, so this doesn't change the
// supported range.
$rnd = $rnd[1] & 0x7FFFFFFF;
return $rnd % (1 + $max - $min) + $min;
} else {
// fall back on cryptographically insecure rng
return mt_rand($min, $max);
}
}

/**
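Review bot: The reduction `return $rnd % (1 + $max - $min) + $min;` in the mcrypt branch introduces modulo bias: the masked value is uniform over 0..0x7FFFFFFF, so whenever the range size does not divide 2^31 evenly, the lower results come up slightly more often than the rest. Discard and redraw when `$rnd` lands in the incomplete top bucket (rejection sampling) rather than reducing directly. The same expression returns values up to and including `$max`, while the docblock still reads `$min <= n < $max`, so the comment and the code should be made to agree. `return false` for `$min > $max` will be coerced to 0 by a caller that uses the result in arithmetic or as an index; throwing would surface the error instead. Finally, the `else` branch falls back to `mt_rand` silently, which for a file named PWGen.php means predictable output can be produced without the caller knowing; consider failing, or at least signalling, when `mcrypt_create_iv` is unavailable.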