Commit 20aff533 by Qiang Xue

added back fallback mechanism for generating salt.

parent 564048a1
...@@ -335,8 +335,16 @@ class BaseSecurity ...@@ -335,8 +335,16 @@ class BaseSecurity
throw new InvalidParamException('Cost must be between 4 and 31.'); throw new InvalidParamException('Cost must be between 4 and 31.');
} }
// Get 20 * 8bits of pseudo-random entropy from mt_rand(). // Get 20 * 8bits of random entropy
$rand = openssl_random_pseudo_bytes(20); if (function_exists('openssl_random_pseudo_bytes')) {
// https://github.com/yiisoft/yii2/pull/2422
$rand = openssl_random_pseudo_bytes(20);
} else {
$rand = '';
for ($i = 0; $i < 20; ++$i) {
$rand .= chr(mt_rand(0, 255));
}
}
// Add the microtime for a little more entropy. // Add the microtime for a little more entropy.
$rand .= microtime(true); $rand .= microtime(true);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment