from:"andreas at andreas dot org"

Bug #51436 [Com]: LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs

2010-04-07 Thread andreas at andreas dot org

Edit report at http://bugs.php.net/bug.php?id=51436&edit=1 ID: 51436 Comment by: andreas at andreas dot org Reported by: andreas at andreas dot org Summary: LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session

[PHP-BUG] Bug #51436 [NEW]: LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs

2010-03-30 Thread andreas at andreas dot org

From: Operating system: all PHP version: 5.3.2 Package: *Encryption and hash functions Bug Type: Bug Bug description:LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs Description: PHP utilizes a cryptographically weak ran