From 1dddd5252dff5fc5cccd2c9790989207187aac90 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Sun, 5 Dec 2010 00:37:35 +0000
Subject: [PATCH] BUGFIX Using RandomGenerator class in
 PasswordEncryptor->salt()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/PasswordEncryptor.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/security/PasswordEncryptor.php b/security/PasswordEncryptor.php
index 10d5f62cc..157889017 100644
--- a/security/PasswordEncryptor.php
+++ b/security/PasswordEncryptor.php
@@ -81,16 +81,17 @@ abstract class PasswordEncryptor {
 	
 	/**
 	 * Return a string value stored in the {@link Member->Salt} property.
-	 * By default uses sha1() and mt_rand();
-	 * 
 	 * Note: Only used when {@link Security::$useSalt} is TRUE.
 	 * 
+	 * @uses RandomGenerator
+	 * 
 	 * @param String $password Cleartext password
 	 * @param Member $member (Optional)
 	 * @return String Maximum of 50 characters
 	 */
 	function salt($password, $member = null) {
-		return substr(sha1(mt_rand()) . time(), 0, 50);
+		$generator = new RandomGenerator();
+		return substr($generator->generateHash('sha1'), 0, 50);
 	}
 	
 	/**