
By piccoloprincipe
via paul-m-jones.com
Submitted: Feb 13 2013 / 14:18

On the pages for rand() and uniqid(), as well as looking at the C code, they specifically state that these functions should not be used for generating secure tokens. They tend to generate predictable values. And the documentation for md5() states that it should not be used for password hashing. Granted, we’re not hashing passwords when creating a CSRF token, but with the tooling available shouldn’t we be using functions that are more cryptographically secure?
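As an added example (not code from the submitted article or from the commenter), here is the token pattern the comment objects to next to one built from the operating system's CSPRNG; it assumes PHP 7.0 or later for random_bytes() and uses an in-memory array as a stand-in for $_SESSION:

```php
<?php
// Weak: rand() and uniqid() are not cryptographically secure sources, and
// wrapping them in md5() adds no entropy; the token is only as unpredictable
// as its inputs, which is the point the comment above makes.
function weakCsrfToken(): string
{
    return md5(uniqid((string) rand(), true));
}

// Hardened: random_bytes() (PHP >= 7.0) reads from the OS CSPRNG and throws
// if no secure source is available, so failure is loud rather than silent.
// 32 bytes gives a 64-character hex token.
function secureCsrfToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Issue one token per session and reuse it for the session's forms.
// $session is any array; in a real request this would be $_SESSION.
function csrfTokenForSession(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = secureCsrfToken();
    }
    return $session['csrf_token'];
}

// Verify with hash_equals() (PHP >= 5.6) so the comparison time does not
// depend on how many leading characters the submitted value got right.
function csrfTokenIsValid(array $session, string $submitted): bool
{
    if (!isset($session['csrf_token']) || $submitted === '') {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// Demonstration with a constructed in-memory session.
$session = [];
$token = csrfTokenForSession($session);
$posted = ['csrf_token' => $token];          // constructed form submission
var_dump(strlen($token) === 64);
var_dump(csrfTokenIsValid($session, $posted['csrf_token'] ?? ''));
var_dump(csrfTokenIsValid($session, 'not-the-token'));
var_dump(weakCsrfToken() !== $token);        // shown only for contrast
```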

