•  
      request #8934 Use an audited library to generate cryptographically secure pseudo-random numbers
    Infos
    #8934
    Thomas Gerbet (tgerbet)
    2016-03-15 12:54
    2016-03-03 17:06
    9042
    Details
    Use an audited library to generate cryptographically secure pseudo-random numbers

    Tuleap currently use its own CSPRNG using PHP primitives. As this is a critical point, Tuleap should rely on a well audited library for that.

    I propose to use paragonie/random_compat which backport random_bytes and random_int functions of PHP 7.

    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2016-03-15
    Attachments
    Empty
    References

    Follow-ups

    User avatar

    Integrated into Tuleap 8.12.99.40


    • Status changed from Under review to Closed
    • Close date set to 2016-03-15
    User avatar
    Thomas Gerbet (tgerbet)2016-03-04 18:31

    A patch is under review: gerrit #5206.


    • Summary
      -Use a audited library to generate cryptographically secure pseudo-random numbers 
      +Use an audited library to generate cryptographically secure pseudo-random numbers 
    • Status changed from Under implementation to Under review