tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-29 12:49:06 +02:00
Code Issues Projects Releases Wiki Activity

NEW Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly

Browse Source
This commit is contained in:
Guy Marriott 2018-11-01 19:51:15 +13:00
parent 7086f2ea3a
commit 2ff7ee6752
No known key found for this signature in database
GPG Key ID: A80F9ACCB86D3DA7
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Security/RandomGenerator.php
View File

@ -4,6 +4,7 @@ namespace SilverStripe\Security;
use Error;
use Exception;
use SilverStripe\Dev\Deprecation;
/**
* Convenience class for generating cryptographically secure pseudo-random strings/tokens
@ -13,9 +14,12 @@ class RandomGenerator
/**
* @return string A 128-character, randomly generated ASCII string
* @throws Exception If no suitable CSPRNG is installed
* @deprecated 4.4:5.0
*/
public function generateEntropy()
{
Deprecation::notice('4.4', __METHOD__ . ' has been deprecated. Use random_bytes instead');
try {
return bin2hex(random_bytes(64));
} catch (Error $e) {
@ -38,9 +42,10 @@ class RandomGenerator
*
* @param string $algorithm Any identifier listed in hash_algos() (Default: whirlpool)
* @return string Returned length will depend on the used $algorithm
* @throws Exception When there is no valid source of CSPRNG
*/
public function randomToken($algorithm = 'whirlpool')
{
return hash($algorithm, $this->generateEntropy());
return hash($algorithm, random_bytes(64));
}
}