https://bugzilla.wikimedia.org/show_bug.cgi?id=42054
Daniel Friesen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|Lowest |Unprioritized CC| |mediawiki-bugs@nadir-seen-f | |ire.com --- Comment #1 from Daniel Friesen <[email protected]> 2012-11-12 22:07:19 UTC --- "@deprecated since 1.20; Please use MWCryptRand for security purposes and wfRandomString for pesudo-random strings" wfGenerateToken was an unacceptable mess. It was used both for security purposes and trivial pesudo-random tokens as well. It claimed to be cryptographically secure but it used nothing more than one or two insecure calls to mt_rand. So, MWCryptRand if you are making tokens that need to be secure; Session tokens, user tokens, email confirmation tokens, etc... basically anything where it's possible it might matter that someone else could guess it. And a new function, wfRandomString for simple random semi-unique strings. Such as UNIQ ids like those used in the parser. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
