bintzwing/tst/mcrypt_mock.php
Sebastien SAUVAGE 43a439e7d0 Time attack protection on hmac comparison
This fixes issue 2.7 of https://defuse.ca/audits/zerobin.htm, and thus
(with commit a24212afda90ca3e4b4ff5ce30d2012709b58a28) also issue 2.8.

(cherry picked from commit 0b4db7ece313dd268e51fc47a0293a649927558a)

Conflicts:
	index.php
2015-08-15 23:44:03 +02:00

17 lines
377 B
PHP

<?php
define('MCRYPT_DEV_URANDOM', 1);
function mcrypt_create_iv($int, $flag)
{
$randomSalt = '';
for($i = 0; $i < 16; ++$i) {
$randomSalt .= base_convert(mt_rand(), 10, 16);
}
// hex2bin requires an even length, pad if necessary
if (strlen($randomSalt) % 2)
{
$randomSalt = '0' . $randomSalt;
}
return hex2bin($randomSalt);
}