On 9 May 2014 00:37, Jasper Deng jasper@jasperswebsite.com wrote:
On Thu, May 8, 2014 at 11:46 PM, Liangent liangent@gmail.com wrote:
On Mar 23, 2012 3:38 AM, "Sam Reed" reedy@wikimedia.org wrote:
I'm happy to announce the availability of the second beta release of
the
new MediaWiki 1.19 release series.
[Snip]
George Argyros and Aggelos Kiayias reported that the method used to
>
generate
password reset tokens is not sufficiently secure. Instead we
use various more secure random number generators, depending on what is available on the platform. Windows users are strongly advised to install either th
e openssl extension or the mcrypt extension for PHP
so that MediaWiki can take
advantage of the cryptographic random
number facility provided by Windows.
Any extension developers using mt_rand() to generate random numbers in contexts where security is required are encouraged to instead
make use
of the MWCryptRand class introduced with this release.
For more details, see
>
https://bugzilla.wikimedia.org/show_bug.cgi?id=35078
I came across this mail and found this link still not viewable.
Surely this reply was a mistake?
No? Just overly-quoted.
J.