FAQ
Edit report at http://pear.php.net/bugs/bug.php?id=14674&edit=1

ID: 14674
Updated by: michael@bretterklieber.com
Reported By: cweiske at php dot net
Summary: Security issue due to seeding random number generator
-Status: Open
+Status: Assigned
Type: Bug
Package: Crypt_CHAP
Package Version: 1.0.1
PHP Version: Irrelevant
-Assigned To:
+Assigned To: mbretter
Roadmap Versions:
New Comment:

-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: mbretter



Previous Comments:
------------------------------------------------------------------------

[2009-08-05 21:21:53] mbretter

-Status: Open
+Status: Assigned


------------------------------------------------------------------------

[2008-09-21 12:09:14] cweiske

Description:
------------
The package lowers the security of randomly generated numbers by
seeding the random number generator by itself. Please remove the
[mt_]srand() call from the code. Manual seeding is not required since
php 4.2.0, so this is safe.

For more information, read:
http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
http://news.php.net/php.pear.dev/50791
http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

------------------------------------------------------------------------

Search Discussions

  • Michael at Aug 6, 2009 at 7:41 am
    Edit report at http://pear.php.net/bugs/bug.php?id=14674&edit=1

    ID: 14674
    Updated by: michael@bretterklieber.com
    Reported By: cweiske at php dot net
    Summary: Security issue due to seeding random number generator
    -Status: Open
    +Status: Assigned
    Type: Bug
    Package: Crypt_CHAP
    Package Version: 1.0.1
    PHP Version: Irrelevant
    Roadmap Versions:
    New Comment:

    -Status: Open
    +Status: Assigned



    Previous Comments:
    ------------------------------------------------------------------------

    [2008-09-21 12:09:14] cweiske

    Description:
    ------------
    The package lowers the security of randomly generated numbers by
    seeding the random number generator by itself. Please remove the
    [mt_]srand() call from the code. Manual seeding is not required since
    php 4.2.0, so this is safe.

    For more information, read:
    http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
    http://news.php.net/php.pear.dev/50791
    http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

    ------------------------------------------------------------------------
  • Michael at Aug 28, 2009 at 9:24 am
    Edit report at http://pear.php.net/bugs/bug.php?id=14674&edit=1

    ID: 14674
    Updated by: michael@bretterklieber.com
    Reported By: cweiske at php dot net
    Summary: Security issue due to seeding random number generator
    -Status: Assigned
    +Status: Closed
    Type: Bug
    Package: Crypt_CHAP
    Package Version: 1.0.1
    PHP Version: Irrelevant
    Assigned To: mbretter
    Roadmap Versions:
    New Comment:

    -Status: Assigned
    +Status: Closed



    Previous Comments:
    ------------------------------------------------------------------------

    [2009-08-05 21:22:15] mbretter

    -Status: Open
    +Status: Assigned
    -Assigned To:
    +Assigned To: mbretter


    ------------------------------------------------------------------------

    [2009-08-05 21:21:53] mbretter

    -Status: Open
    +Status: Assigned


    ------------------------------------------------------------------------

    [2008-09-21 12:09:14] cweiske

    Description:
    ------------
    The package lowers the security of randomly generated numbers by
    seeding the random number generator by itself. Please remove the
    [mt_]srand() call from the code. Manual seeding is not required since
    php 4.2.0, so this is safe.

    For more information, read:
    http://www.nabble.com/Re%3A-Random-number-generation-security-problem-p19595503.html
    http://news.php.net/php.pear.dev/50791
    http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/

    ------------------------------------------------------------------------

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
categoriesphp
postedAug 6, '09 at 7:40a
activeAug 28, '09 at 9:24a
posts3
users1
websitepear.php.net

1 user in discussion

Michael: 3 posts

People

Translate

site design / logo © 2021 Grokbase