The problem is that there's no good way to get truly random numbers. -Reading /dev/urandom works okay on Linux boxes, but not on Windows. -Windows can have the COM class available to it, which would let you call CAPICOM.Utilities.1->GetRandom() from the Windows Cryptography COM library. That would give secure bytes. You'd have to check for class_exists on COM first. -PHP 5.3 contains openssl_random_psuedo_bytes, so that could be an option as well if that function_exists.
Maybe a generic function designed to return secure random bytes under a number of platforms is called for? This has to already exist somewhere, can't we just reuse somebody else's code? On Mon, Dec 8, 2008 at 11:07 AM, Xavier Borderie <[EMAIL PROTECTED]> wrote: >> Bad idea. It'd be safer to write a really good random number generator >> function into your installer program. Sending your secret keys over >> the internet kind of defeats the point, really. The secret-key >> generator on wp.org is a convenience, not intended to be the end-all >> be-all of security. > > I thought of that, yeah :) > I imagine the secret-key generator is in PHP, so there would be little > work putting that into setup-config. > Still, having to open and edit wp-config should be a thing of the past. > > > -- > Xavier Borderie > _______________________________________________ > wp-testers mailing list > [email protected] > http://lists.automattic.com/mailman/listinfo/wp-testers > _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
