Project

General

Profile

Actions

Bug #23355

closed

Speed up / restructure of random byte generator to address e.g. WIN OS specifics

Added by Marcus Krause over 14 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
Start date:
2010-08-05
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
4.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The current implementation of TYPO3's random byte generator mixes up methods that retrieve crypto-safe/non-crypto safe bytes.
Crypto-safe methods usually mean a blocking/time-consuming execution and should be used only for cryptographic use-cases like encryption/decryption.
Furthermore, the implementation does not take care of errors using mcrypt method.

This RFC is about a restructure/separation of crypto safe/non-crypto safe methods to speed up execution/prevent blocks and improvements in error handling.

http://bugs.php.net/bug.php?id=52523
http://www.php-security.org/2010/05/09/mops-submission-04-generating-unpredictable-session-ids-and-hashes/index.html
(issue imported from #M15359)


Files

15359_4-3_POC.diff (3.59 KB) 15359_4-3_POC.diff Administrator Admin, 2010-08-06 10:44

Related issues 5 (0 open5 closed)

Related to TYPO3 Core - Bug #22369: Mitigate PHP's RNG vulnerabilityClosedHelmut Hummel2010-04-01

Actions
Related to TYPO3 Core - Bug #24410: Parameter for function "mcrypt_create_iv" not correctClosed2010-12-24

Actions
Related to TYPO3 Core - Bug #23860: Installation on Windows causes Fatal error: Call to undefined method com::GetRandom() during 1-2-3 installer.ClosedMarcus Krause2010-10-28

Actions
Has duplicate TYPO3 Core - Bug #23496: t3lib_div::generateRandomBytes() is bad and buggyClosed2010-09-03

Actions
Has duplicate TYPO3 Core - Bug #24440: Improve the used random generators on *nix platformsClosedSteffen Gebert2010-12-29

Actions
Actions

Also available in: Atom PDF