[wp-trac] [WordPress Trac] #28633: Generate better random numbers

Sat Feb 14 19:55:43 UTC 2015

#28633: Generate better random numbers
-------------------------------------+------------------------------
 Reporter:  sarciszewski             |       Owner:
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Security                 |     Version:  trunk
 Severity:  major                    |  Resolution:
 Keywords:  needs-testing has-patch  |     Focuses:
-------------------------------------+------------------------------

Comment (by Otto42):

 I think you might need a php version check on the `if
 (function_exists('mcrypt_create_iv'))` line as well. On a Windows machine
 running 5.2.x, where the mcrypt extension is also enabled, a call made
 using `MCRYPT_DEV_URANDOM` will cause a "Cannot open source device"
 warning. This warning will prevent logins if display_errors is enabled
 (which it sadly is by default on most hosts).

 Alternatively, error suppression by using `@mcrypt_create_iv()` would
 probably work just as well.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28633#comment:33>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform