Diffstat (limited to 'Bugzilla/Util.pm')
-rw-r--r--Bugzilla/Util.pm9
1 files changed, 8 insertions, 1 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 457eb7d02..f9e8d12f7 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -54,6 +54,7 @@ use DateTime::TimeZone;
use Digest;
use Email::Address;
use List::Util qw(first);
+use Math::Random::Secure qw(irand);
use Scalar::Util qw(tainted);
use Template::Filters;
use Text::Wrap;
@@ -535,9 +536,15 @@ sub bz_crypt {
return $crypted_password;
}
+# If you want to understand the security of strings generated by this
+# function, here's a quick formula that will help you estimate:
+# We pick from 62 characters, which is close to 64, which is 2^6.
+# So 8 characters is (2^6)^8 == 2^48 combinations. Just multiply 6
+# by the number of characters you generate, and that gets you the equivalent
+# strength of the string in bits.
sub generate_random_password {
my $size = shift || 10; # default to 10 chars if nothing specified
- return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));
+ return join("", map{ ('0'..'9','a'..'z','A'..'Z')[irand 62] } (1..$size));
}
sub validate_email_syntax {
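Review bot: The new comment above generate_random_password explains how to estimate strength but not why `irand` replaced `rand`, which is the security-relevant part of this change. A line such as `# irand comes from Math::Random::Secure; Perl's built-in rand is not cryptographically secure, so do not switch back to it.` would keep a later cleanup from undoing it. The 6-bits-per-character rule also rounds up: log2(62) is about 5.95, so the default of 10 characters gives roughly 59.5 bits, and the comment could say the figure is an upper bound. Separately, `shift || 10` passes any small positive size through unchanged, so callers that need an unguessable value must choose an adequate length themselves; naming a recommended minimum in the comment would help.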