added better random sources in crypter, seed random number generator on every call.

2012-02-12 19:45:04 -06:00 · 2012-02-12 19:45:04 -06:00 · 0438c69648
parent 74887986a7
commit 0438c69648
1 changed files with 30 additions and 1 deletions
--- a/laravel/crypter.php
+++ b/laravel/crypter.php
@ -26,7 +26,7 @@ class Crypter {
 	 */
 	public static function encrypt($value)
 	{
-		$iv = mcrypt_create_iv(static::iv_size(), MCRYPT_RAND);
+		$iv = mcrypt_create_iv(static::iv_size(), static::randomizer());

 		$value = mcrypt_encrypt(static::$cipher, static::key(), $value, static::$mode, $iv);

@ -58,6 +58,35 @@ public static function decrypt($value)
 		return rtrim(mcrypt_decrypt(static::$cipher, $key, $value, static::$mode, $iv), "\0");
 	}

+	/**
+	 * Get the most secure random number generator for the system.
+	 *
+	 * @return int
+	 */
+	protected static function randomizer()
+	{
+		// There are various sources from which we can get random numbers
+		// but some are more random than others. We'll choose the most
+		// random source we can for this server environment.
+		if (defined('MCRYPT_DEV_URANDOM'))
+		{
+			return MCRYPT_DEV_URANDOM;
+		}
+		elseif (defined('MCRYPT_DEV_RANDOM'))
+		{
+			return MCRYPT_DEV_RANDOM;
+		}
+		// When using the default random number generator, we'll seed
+		// the generator on each call to ensure the results are as
+		// random as we can possibly get them.
+		else
+		{
+			mt_srand();
+
+			return MCRYPT_RAND;
+		}
+	}
+
 	/**
 	 * Get the input vector size for the cipher and mode.
 	 *