Replaced use of mt_rand within key generation with /dev/urandom read. See PHPCRED-37
Replaced use of mt_rand within key generation with /dev/urandom read. See PHPCRED-37

--- a/lib/crypto.php
+++ b/lib/crypto.php
@@ -163,8 +163,8 @@
 // Gives us a 2048bit string
 // Upped from 1024 because commit cae0ac5 increases the likelihood of key repetition
   while ($x <= 256){
-	$key = mt_rand(48,122);
-	$key2 = mt_rand(48,122);
+	$key = self::generateNum(48,122);
+	$key2 = self::generateNum(48,122);
 
 	if (in_array($key,$excludes)){ continue; }
 	if (in_array($key2,$excludes)){ continue; }
@@ -390,6 +390,32 @@
 
 
 
+/** Used when generating encryption keys
+*
+* Filched from http://codeascraft.com/2012/07/19/better-random-numbers-in-php-using-devurandom/
+*
+* @arg min - minimum 
+* @arg max - maximum
+*
+* @return string
+*/
+static function generateNum($min = 0, $max = 0x7FFFFFFF){
+
+  $diff = $max - $min;
+    if ($diff < 0 || $diff > 0x7FFFFFFF) {
+	throw new RuntimeException("Bad range");
+    }
+    $bytes = mcrypt_create_iv(4, MCRYPT_DEV_URANDOM);
+    if ($bytes === false || strlen($bytes) != 4) {
+        throw new RuntimeException("Unable to get 4 bytes");
+    }
+    $ary = unpack("Nint", $bytes);
+    $val = $ary['int'] & 0x7FFFFFFF;   // 32-bit safe                           
+    $fp = (float) $val / 2147483647.0; // convert to [0,1]                          
+    return round($fp * $diff) + $min;
+
+
+}
 
 
 

--- a/lib/includes/gatherEntropy.php
+++ b/lib/includes/gatherEntropy.php
@@ -17,84 +17,39 @@
 
 
 // Are we processing the generated or outputting the field
-if ($submitted):
+if ($submitted){
+
 
 // Submitted details will be full of commas making part of the key predictable. Get rid of it
-$entropy = str_replace(",","",BTMain::getVar('gEntropy'));
-
-$entropyseed = mt_rand(1000,999000);
 
 $x = BTMain::getVar('kLength');
-
+$newkey = '';
 
 
       while ($x > 0){
 
-      $key = mt_rand(32,254);
-      $ecryptkey = mt_rand(32,254);
-      $prekey = mt_rand(32,254);
-
-	if ($key == 127 || $ecryptkey == 127){
+      	$key = Crypto::generateNum(32,254);
+	if ($key == 127 ){
 	// Skip the delete char
-	continue;
+		continue;
 	}
 
+      	$newkey .= chr($key);
+      	$x--;
 
-      $seed .= chr($key);
-      $ecrypt .= mt_rand(0,99000) . chr($ecryptkey);
-      $prkey .= chr($prekey);
-
-      $x--;
       }
 
-$prkey = substr($prkey, mt_rand(0,475), 25);
+	$newkey = base64_encode($newkey);
+}else{
 
 
-$newkey = $entropyseed . $prkey . $entropy . $seed;
+?>
+	<label for="keyLength">Key Length</label>
+	<input id="keyLength" type="text" name="kLength" value="<?php echo $crypt->getKeyLength();?>">
+	<input type="hidden" id="countsremaining" value="0" name="clicksremaining">
 
-$newkey = $crypt->encrypt($newkey,'ONEWAY',$ecrypt);
+<?php
+}
 
 
 
-
-
-
-
-else:
-
-      if (!isset($notifications)){
-	    global $notificiations;
-      }
-$notifications->RequireScript('entropy');
-$notifications->RequireCSS('Entropy');
-
-
-?>
-<label for="keyLength">Key Length</label>
-<input id="keyLength" type="text" name="kLength" value="<?php echo $crypt->getKeyLength();?>">
-
-<div id="EntropyGeneration">
-
-<div class='EntropyDiv' id="ClickDiv" title="Move your around mouse randomly whilst clicking. Box will turn green when sufficient clicks have been registered"></div>
-<input type="hidden" disabled="disabled" id="EntropylastClick">
-
-<textarea id='content' style="display: none;" name="gEntropy"></textarea>
-<div style="display: none;"><input type="text" id="countsremaining" value="30" name="clicksremaining"> Clicks Remaining</div>
-</div>
-
-<script type="text/javascript">
-var count=15;
-document.getElementById('ClickDiv').onclick=function(e){ var c = whereAt(e), b=document.getElementById('EntropylastClick');if (c == b.value){ return; } b.value=c; document.getElementById('content').value += c; count=count-1; document.getElementById('countsremaining').value = count; if(count == 0){document.getElementById('ClickDiv').className = 'EntropyDiv EntropyGenerated';}};
-$('#EntropyGeneration *').tooltip({track: true, fade: 250});
-</script>
-
-<?php
-
-
-
-
-
-endif;
-
-
-