MrUnknownDE/panel
1
0
Fork 0
mirror of https://github.com/MrUnknownDE/panel.git synced 2026-04-22 00:03:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update random ID method to use str_random and not random_bytes

Browse Source 
The use of random_bytes in combination with bin2hex was producing a lot of duplicate keys when tested in batches of 10k (anywhere from 2 to 6). The use of str_random yielded no duplicates even at scales of 100k keys that were 8 characters.
This commit is contained in:
Dane Everitt
2017-09-13 23:07:02 -05:00
parent 0e518be6ca
commit a8c4d6afdb
14 changed files with 50 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/Services/Api/KeyCreationService.php
View File

@@ -30,8 +30,8 @@ use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
class KeyCreationService
{
const PUB_CRYPTO_BYTES = 8;
const PRIV_CRYPTO_BYTES = 32;
const PUB_CRYPTO_LENGTH = 16;
const PRIV_CRYPTO_LENGTH = 64;
/**
* @var \Illuminate\Database\ConnectionInterface
@@ -86,8 +86,8 @@ class KeyCreationService
*/
public function handle(array $data, array $permissions, array $administrative = [])
{
$publicKey = bin2hex(random_bytes(self::PUB_CRYPTO_BYTES));
$secretKey = bin2hex(random_bytes(self::PRIV_CRYPTO_BYTES));
$publicKey = str_random(self::PUB_CRYPTO_LENGTH);
$secretKey = str_random(self::PRIV_CRYPTO_LENGTH);
// Start a Transaction
$this->connection->beginTransaction();