Improve quality of generated seed, avoid potential security pitfall

tecnickcom / TCPDF

Official clone of PHP library to generate PDF documents and barcodes

https://tcpdf.org

Other

4.18k stars 1.51k forks source link

Open xelan opened 1 week ago

xelan commented 1 week ago

Try to use random_bytes() first if it's available
Do not include the server parameters in the generated seed, as they might contain sensitive data

As all current usages of getRandomSeed() directly hash the seed, there should be no BC breaking changes.

The main source of entropy is more than enough on its own if random_bytes() or openssl_random_pseudo_bytes() are available.