ChristianRiesen/otp

Don't use rand()

mallorydxw opened this issue · 1 comment

Bug is here:

$string .= $keys[rand(0,31)];

rand() isn't a CSPRNG - even the PHP team caution against treating it as such: http://php.net/rand#refsect1-function.rand-notes

Thank you, fixed it now.
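An added example, not code from this repository and not the fix the maintainer applied: the reported `rand()` pattern next to a variant that uses PHP's `random_int()`. The base32 alphabet, the 16-character default length and the function names `weakSecret` and `strongSecret` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed alphabet: RFC 4648 base32, 32 symbols, matching the 0..31 index in the issue.
const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Reported pattern (hypothetical wrapper around the line quoted in the issue).
// rand() is a seedable, deterministic PRNG, not a CSPRNG.
function weakSecret(int $length = 16): string
{
    $keys = str_split(BASE32_ALPHABET);
    $string = '';
    for ($i = 0; $i < $length; $i++) {
        $string .= $keys[rand(0, 31)];
    }
    return $string;
}

// Hardened variant (hypothetical name): random_int() draws from the operating
// system's CSPRNG (PHP 7.0+) and throws if no secure source is available,
// so it never silently falls back to a weak generator.
function strongSecret(int $length = 16): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    $keys = str_split(BASE32_ALPHABET);
    $string = '';
    for ($i = 0; $i < $length; $i++) {
        // 32 symbols and an unbiased integer in [0, 31]: each symbol is 5 uniform bits.
        $string .= $keys[random_int(0, count($keys) - 1)];
    }
    return $string;
}

// Re-seeding rand() with the same value reproduces the same "secret".
srand(1234);
$first = weakSecret();
srand(1234);
$second = weakSecret();
echo 'rand() output repeats under the same seed: ', var_export($first === $second, true), PHP_EOL;

// random_int() has no seed to set; srand() has no effect on it.
srand(1234);
echo 'random_int() secret: ', strongSecret(), PHP_EOL;
```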