From 65a88e9c53341de0dc4f71d0497f78df20702107 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 22 May 2023 15:33:44 +0200
Subject: Type annotations, better RNG
---
 inc/crypto.inc.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'inc/crypto.inc.php')
diff --git a/inc/crypto.inc.php b/inc/crypto.inc.php
index eb0d344f..d26a94ab 100644
--- a/inc/crypto.inc.php
+++ b/inc/crypto.inc.php
@@ -8,20 +8,22 @@ class Crypto
 * which translates to ~130 bit salt
 * and 5000 rounds of hashing with SHA-512.
 */
- public static function hash6($password)
+ public static function hash6(string $password): string
 {
 $salt = substr(str_replace('+', '.',
- base64_encode(pack('N4', mt_rand(), mt_rand(), mt_rand(), mt_rand()))), 0, 16);
+ base64_encode(Util::randomBytes(16))), 0, 16);
 $hash = crypt($password, '$6$' . $salt);
- if (strlen($hash) < 60) ErrorHandler::traceError('Error hashing password using SHA-512');
+ if ($hash === null || strlen($hash) < 60) {
+ ErrorHandler::traceError('Error hashing password using SHA-512');
+ }
 return $hash;
 }

 /**
- * Check if the given password matches the given cryp hash.
+ * Check if the given password matches the given crypt hash.
 * Useful for checking a hashed password.
 */
- public static function verify($password, $hash)
+ public static function verify(string $password, string $hash): bool
 {
 return crypt($password, $hash) === $hash;
 }
-- 
cgit v1.2.3-55-g7522
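Review bot: `verify()` still compares the recomputed hash with `===`, which is not a constant-time comparison. Since the commit already touches this method, its body could become `return hash_equals($hash, crypt($password, $hash));`, or `password_verify($password, $hash)`, which accepts crypt-format hashes. In `hash6()`, the "better RNG" claim rests on `Util::randomBytes()`, which is not part of this diff. It is worth confirming that it is backed by `random_bytes()` and fails loudly rather than falling back to a weaker source. The added `$hash === null` guard is harmless, but the realistic failure is crypt()'s short failure string, which the existing `strlen($hash) < 60` check already catches. Whether `traceError()` halts before `return $hash` is not visible in this hunk.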