On 8 May 2014 23:46, Liangent liangent@gmail.com wrote:
On Mar 23, 2012 3:38 AM, "Sam Reed" reedy@wikimedia.org wrote:
I'm happy to announce the availability of the second beta release of the new MediaWiki 1.19 release series.
[Snip]
George Argyros and Aggelos Kiayias reported that the method used to
> generate password reset tokens is not sufficiently secure. Instead we
use various more secure random number generators, depending on what is available on the platform. Windows users are strongly advised to install either th
e openssl extension or the mcrypt extension for PHP
so that MediaWiki can take
advantage of the cryptographic random
number facility provided by Windows.
Any extension developers using mt_rand() to generate random numbers in contexts where security is required are encouraged to instead
make use
of the MWCryptRand class introduced with this release.
For more details, see
I came across this mail and found this link still not viewable.
I've asked on the bug whether it's OK to making it public again.
J.