oss-sec mailing list archives
Re: Randomness Attacks Against PHP Applications
From: Raphael Geissert <geissert () debian org>
Date: Mon, 24 Sep 2012 23:53:53 -0500
On Sunday 23 September 2012 00:14:47 Solar Designer wrote:
I agree too that education is important. This is something that we came to an agreement with the PHP team (for example that additional information is needed on the mt_rand manual). However, as pointed out nothing has changed yet (the conversations between us and the PHP team took place in March/April).Did PHP 5.4's change of session IDs (vs. 5.3's) occur before or after your conversations with them?
If you are referring to using /dev/urandom for entropy by default, it was changed because of: https://bugs.php.net/bug.php?id=51436 in 2010. Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- Re: Randomness Attacks Against PHP Applications, (continued)
- Re: Randomness Attacks Against PHP Applications Solar Designer (Aug 22)
- Re: Randomness Attacks Against PHP Applications Solar Designer (Sep 14)
- Re: Randomness Attacks Against PHP Applications Josh Bressers (Sep 17)
- Re: Randomness Attacks Against PHP Applications Raphael Geissert (Sep 17)
- Re: Randomness Attacks Against PHP Applications Daniel Kahn Gillmor (Sep 17)
- Re: Randomness Attacks Against PHP Applications Kurt Seifried (Sep 17)
- Re: Randomness Attacks Against PHP Applications George Argyros (Sep 20)
- Re: Randomness Attacks Against PHP Applications Solar Designer (Sep 22)
- Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov (Sep 23)
- Re: Randomness Attacks Against PHP Applications George Argyros (Sep 27)
- Re: Randomness Attacks Against PHP Applications Raphael Geissert (Sep 24)
- Re: Randomness Attacks Against PHP Applications George Argyros (Sep 27)
- Re: Randomness Attacks Against PHP Applications Solar Designer (Sep 14)
- Re: Randomness Attacks Against PHP Applications Solar Designer (Aug 22)
- Re: Randomness Attacks Against PHP Applications Vladimir Vorontsov (Sep 17)