request #8934 Use an audited library to generate cryptographically secure pseudo-random numbers

Artifact

Infos

Artifact ID#8934

Submitted byThomas Gerbet (tgerbet)

Last Modified On2016-03-15 12:54

Submitted on2016-03-03 17:06

Rank9039

Details

Summary *

Use an audited library to generate cryptographically secure pseudo-random numbers

Original Submission

Tuleap currently use its own CSPRNG using PHP primitives. As this is a critical point, Tuleap should rely on a well audited library for that.

I propose to use paragonie/random_compat which backport random_bytes and random_int functions of PHP 7.

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2016-03-15

Attachments

Connected artifacts

Artifact links

Empty

Reverse artifact links

Releases

AttachmentsEmpty

References

Cross references

Referencing request #8934

Artifact Tracker v5

rel #8869 8.13

request #8971 Fatal error while accessing to an artifact

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/06/5206/2' of ssh://gerrit.tuleap.net:29418/tuleap into stable 6261ce84a6

Nicolas Terray (nterray) , 2016-03-15 12:52

request #8934: Use an audited library to generate cryptographically secure pseudo-random numbers 6697cfa343

Thomas Gerbet (tgerbet) , 2016-03-10 11:05

Release

release #122

Show items referenced by request #8934

Referenced by request #8934

Other

gerrit #5206

Follow-ups

Nicolas Terray (nterray)

2016-03-15 12:54

Integrated into Tuleap 8.12.99.40

Status changed from Under review to Closed
Close date set to 2016-03-15

Thomas Gerbet (tgerbet)

2016-03-04 18:31

A patch is under review: gerrit #5206.

Summary
-Use a audited library to generate cryptographically secure pseudo-random numbers
+Use an audited library to generate cryptographically secure pseudo-random numbers
Status changed from Under implementation to Under review

Public