This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
September 12, 2008 5:31am
#1 / Sep 12, 2008 5:31am
#2 / Sep 12, 2008 7:38am
Not worried… I think most people are more than fully aware that random on a computer can never be random!!! Security-wise, it depends on the use. What use / software are you referring to?
#3 / Sep 12, 2008 7:45am
Well heh, ExpressionEngine for some reason came to my mind. Our national security portal says that at least WordPress, Joomla and Simple Machines maybe have something to do with this..
Cheers:
- Tuittu
#4 / Sep 12, 2008 8:29am
Well, if you're going specific and referring to EE… then a quick search on the system folder pulls back two uses of this that seem related to this…
The first is a random number / pass generator… I imagine this is used in part of the password reset if you forget your login… In this case, a randomly generated password will be as strong as any a user would create. It is also protected by being associated with the user's email address (in part of the reset process), and then the user is likely to change it again afterwards to something they might remember this time…
Therefore, not sure this will be an issue…
The second they use as part of an XSS protection in URLs, and to be honest, without more reading, I cannot tell too much more about this…
But in each of these situations it is used in combo with hex, substr, and md5… so I personally would say this is more than fine for the use… But I am not as expert as I would need to be to say for sure.