From 57e1a375cbd2db9741ff19167813344f8eff5772 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 4 Oct 2025 14:32:18 +0200
Subject: Strengthen some crypto (#8061)

For login, tokens, nonces
---
 app/Models/Auth.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'app/Models/Auth.php')

diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index 19cd26aa5..888215730 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -217,8 +217,7 @@ class FreshRSS_Auth {
 	public static function csrfToken(): string {
 		$csrf = Minz_Session::paramString('csrf');
 		if ($csrf == '') {
-			$salt = FreshRSS_Context::systemConf()->salt;
-			$csrf = sha1($salt . uniqid('' . random_int(0, mt_getrandmax()), true));
+			$csrf = hash('sha256', FreshRSS_Context::systemConf()->salt . random_bytes(32));
 			Minz_Session::_param('csrf', $csrf);
 		}
 		return $csrf;
-- 
cgit v1.2.3