From 0cc42e2941f2f280b6924f5cd90dd5c144b4e601 Mon Sep 17 00:00:00 2001 From: Dylan William Hardison Date: Tue, 4 Aug 2015 14:07:22 +0800 Subject: Bug 1188339 - Backport upstream bug 1179856 (Increase length of all tokens value for greater security) --- Bugzilla/Token.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Bugzilla/Token.pm b/Bugzilla/Token.pm index 7edcd4226..b7227144f 100644 --- a/Bugzilla/Token.pm +++ b/Bugzilla/Token.pm @@ -49,6 +49,11 @@ use base qw(Exporter); check_token_data delete_token issue_hash_token check_hash_token); +# 128 bits password: +# 128 * log10(2) / log10(62) = 21.49, round up to 22. +# 62 = 0-9, a-z, A-Z. +use constant TOKEN_LENGTH => 22; + ################################################################################ # Public Functions ################################################################################ @@ -307,7 +312,7 @@ sub GenerateUniqueToken { if ($tries > 100) { ThrowCodeError("token_generation_error"); } - $token = generate_random_password(); + $token = generate_random_password(TOKEN_LENGTH); $sth->execute($token); $duplicate = $sth->fetchrow_array; } -- cgit v1.2.3-24-g4f1b