From 2ff7ee6752cc505fd538a12e1a0c1709231961a8 Mon Sep 17 00:00:00 2001 From: Guy Marriott Date: Thu, 1 Nov 2018 19:51:15 +1300 Subject: [PATCH] NEW Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly --- src/Security/RandomGenerator.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/Security/RandomGenerator.php b/src/Security/RandomGenerator.php index b7279e0b6..89c223eb9 100644 --- a/src/Security/RandomGenerator.php +++ b/src/Security/RandomGenerator.php @@ -4,6 +4,7 @@ namespace SilverStripe\Security; use Error; use Exception; +use SilverStripe\Dev\Deprecation; /** * Convenience class for generating cryptographically secure pseudo-random strings/tokens @@ -13,9 +14,12 @@ class RandomGenerator /** * @return string A 128-character, randomly generated ASCII string * @throws Exception If no suitable CSPRNG is installed + * @deprecated 4.4:5.0 */ public function generateEntropy() { + Deprecation::notice('4.4', __METHOD__ . ' has been deprecated. Use random_bytes instead'); + try { return bin2hex(random_bytes(64)); } catch (Error $e) { @@ -38,9 +42,10 @@ class RandomGenerator * * @param string $algorithm Any identifier listed in hash_algos() (Default: whirlpool) * @return string Returned length will depend on the used $algorithm + * @throws Exception When there is no valid source of CSPRNG */ public function randomToken($algorithm = 'whirlpool') { - return hash($algorithm, $this->generateEntropy()); + return hash($algorithm, random_bytes(64)); } }