ldap_servers/ldap_servers.encryption.inc has the following function:

<?php
/**
 * Return a random salt of a given length for crypt-style passwords
 *
 * @param int length
 *   The requested length.
 *
 * @return string
 *   A (fairly) random salt of the requested length.
 *
 */
function ldap_servers_random_salt( $length ) {
  $possible = '0123456789' . 'abcdefghijklmnopqrstuvwxyz' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' . './';
  $salt = "";

  mt_srand((double)microtime() * 1000000);
  while ( strlen( $salt ) < $length ) {
    $salt .= substr( $possible, ( rand() % strlen( $possible ) ), 1 );
  }

  return $salt;
}
?>

I was thinking that it would be usefull if drupal core had something like this.
I searched around and found out that drupal core does have such a function.

see: http://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_...

It appears to be more versatile and has the ability to use things like openssl and /dev/urandom (if available).

Is there a reason not to use drupal_random_bytes() instead?

This is a request to switch to and use drupal_random_bytes() instead of ldap_servers_random_salt().

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

thekevinday’s picture

Project: AES encryption » Lightweight Directory Access Protocol

oh wow, sorry wrong tab and therefore wrong project.
Fixing..

johnbarclay’s picture

Status: Active » Needs review

No reason for using ldap_servers_random_salt() except this part of the code was written before drupal 7. Since this is being called on install, it should have no effect on existing salt keys so I think its a good patch.

johnbarclay’s picture

Version: 7.x-1.x-dev » 7.x-2.x-dev
johnbarclay’s picture

Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.