RNG now uses /dev/urandom instead of /dev/random to fix slowdowns during login. Potentially not as secure, but speed problems on some servers were of blocker severity.
authorDan
Mon, 04 Aug 2008 11:44:20 -0400
changeset 300 614f6ff1a855
parent 299 0f6f1ace701f
child 301 13f5f7d0cd64
RNG now uses /dev/urandom instead of /dev/random to fix slowdowns during login. Potentially not as secure, but speed problems on some servers were of blocker severity.
includes/rijndael.php
--- a/includes/rijndael.php	Thu Jun 26 21:00:25 2008 -0400
+++ b/includes/rijndael.php	Mon Aug 04 11:44:20 2008 -0400
@@ -900,10 +900,10 @@
     {
       $key .= chr(mt_rand(0, 255));
     }
-    if ( @file_exists('/dev/random') && @is_readable('/dev/random') )
+    if ( @file_exists('/dev/urandom') && @is_readable('/dev/urandom') )
     {
       // Let's use something a little more secure
-      $ur = @fopen('/dev/random', 'r');
+      $ur = @fopen('/dev/urandom', 'r');
       if ( !$ur )
         return $key;
       $ukey = @fread($ur, $len);