ldap_servers/ldap_servers.encryption.inc has the following function:

 * Return a random salt of a given length for crypt-style passwords
 * @param int length
 *   The requested length.
 * @return string
 *   A (fairly) random salt of the requested length.
function ldap_servers_random_salt( $length ) {
  $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
  $salt = "";

  mt_srand((double)microtime() * 1000000);
  while ( strlen( $salt ) < $length ) {
    $salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );

  return $salt;

I was thinking that it would be usefull if drupal core had something like this.
I searched around and found out that drupal core does have such a function.

see: http://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_...

It appears to be more versatile and has the ability to use things like openssl and /dev/urandom (if available).

Is there a reason not to use drupal_random_bytes() instead?

This is a request to switch to and use drupal_random_bytes() instead of ldap_servers_random_salt().

Members fund testing for the Drupal project. Drupal Association Learn more


thekevinday’s picture

Project: AES encryption » Lightweight Directory Access Protocol (LDAP)

oh wow, sorry wrong tab and therefore wrong project.

johnbarclay’s picture

Status: Active » Needs review

No reason for using ldap_servers_random_salt() except this part of the code was written before drupal 7. Since this is being called on install, it should have no effect on existing salt keys so I think its a good patch.

johnbarclay’s picture

Version: 7.x-1.x-dev » 7.x-2.x-dev
johnbarclay’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.