From 57e1a375cbd2db9741ff19167813344f8eff5772 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sat, 4 Oct 2025 14:32:18 +0200
Subject: Strengthen some crypto (#8061)

For login, tokens, nonces
---
 app/Models/FormAuth.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/Models/FormAuth.php')

diff --git a/app/Models/FormAuth.php b/app/Models/FormAuth.php
index 1da03f6d2..8943fa7f5 100644
--- a/app/Models/FormAuth.php
+++ b/app/Models/FormAuth.php
@@ -52,7 +52,7 @@ class FreshRSS_FormAuth {
 
 	public static function makeCookie(string $username, string $password_hash): string|false {
 		do {
-			$token = sha1(FreshRSS_Context::systemConf()->salt . $username . uniqid('' . mt_rand(), true));
+			$token = hash('sha256', FreshRSS_Context::systemConf()->salt . $username . random_bytes(32));
 			$token_file = DATA_PATH . '/tokens/' . $token . '.txt';
 		} while (file_exists($token_file));
 
-- 
cgit v1.2.3