added better random sources in crypter, seed random number generator on every call.

0438c696 · Taylor Otwell · 74887986 · 0438c696
Commit 0438c696 authored Feb 13, 2012 by Taylor Otwell
Show whitespace changes
Inline Side-by-side

Showing with 30 additions and 1 deletion

crypter.php laravel/crypter.php +30 -1

No files found.
--- a/laravel/crypter.php
+++ b/laravel/crypter.php
@@ -26,7 +26,7 @@ class Crypter {
 	 */
 	public static function encrypt($value)
 	{
-		$iv = mcrypt_create_iv(static::iv_size(), MCRYPT_RAND);
+		$iv = mcrypt_create_iv(static::iv_size(), static::randomizer());

 		$value = mcrypt_encrypt(static::$cipher, static::key(), $value, static::$mode, $iv);

@@ -58,6 +58,35 @@ class Crypter {
 		return rtrim(mcrypt_decrypt(static::$cipher, $key, $value, static::$mode, $iv), "\0");
 	}

+	/**
+	 * Get the most secure random number generator for the system.
+	 *
+	 * @return int
+	 */
+	protected static function randomizer()
+	{
+		// There are various sources from which we can get random numbers
+		// but some are more random than others. We'll choose the most
+		// random source we can for this server environment.
+		if (defined('MCRYPT_DEV_URANDOM'))
+		{
+			return MCRYPT_DEV_URANDOM;
+		}
+		elseif (defined('MCRYPT_DEV_RANDOM'))
+		{
+			return MCRYPT_DEV_RANDOM;
+		}
+		// When using the default random number generator, we'll seed
+		// the generator on each call to ensure the results are as
+		// random as we can possibly get them.
+		else
+		{
+			mt_srand();
+
+			return MCRYPT_RAND;
+		}
+	}
+
 	/**
 	 * Get the input vector size for the cipher and mode.
 	 *