author | Anthony Ferrara <ircmaxell@gmail.com> | 2012-09-17 18:07:37 -0400 |
---|---|---|
committer | Anthony Ferrara <ircmaxell@gmail.com> | 2012-09-17 18:07:37 -0400 |
commit | d0aae83fb03411f4ef759903417f418550d4ff08 (patch) | |
tree | 27b9fcf84ad9d67beda1506a73164e150bf7e62b | |
parent | 73348cf8c4bfb52836ef2dc59489120f5d2bf3cd (diff) | |
Fix bug with fallback randomness when using a partial generated salt
-rw-r--r-- | lib/password.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/password.php b/lib/password.php
index 7c78937..0cd946d 100644
--- a/lib/password.php
+++ b/lib/password.php
@@ -118,14 +118,13 @@ if (!defined('PASSWORD_BCRYPT')) {
 $bl = strlen($buffer);
 for ($i = 0; $i < $raw_length; $i++) {
 if ($i < $bl) {
- $buffer ^= chr(mt_rand(0, 255));
+ $buffer[$i] ^= chr(mt_rand(0, 255));
 } else {
 $buffer .= chr(mt_rand(0, 255));
 }
 }
 }
- $buffer = str_replace('+', '.', base64_encode($buffer));
- $salt = $buffer;
+ $salt = str_replace('+', '.', base64_encode($buffer));
 }
 $salt = substr($salt, 0, $required_salt_len); |
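Review bot: The added `$buffer[$i] ^= chr(mt_rand(0, 255));` uses a compound assignment on a string offset, which PHP rejects with the fatal error "Cannot use assign-op operators with string offsets", so the partial-buffer branch would abort instead of mixing in the fallback bytes. Spell the operation out as `$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));`. Judging by the `$i < $bl` guard, this branch runs only when an earlier source returned a short buffer, so a test that forces that case would keep it exercised. Since `mt_rand()` is not a cryptographically secure generator, a comment such as `// fallback only: mt_rand() gives salt variation, not unpredictability` above the loop would document the limit of this path. The enclosing block starts above the hunk, so the condition that selects the fallback is not visible here.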