Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78698

Deprecate random_bytes_emulate function

    XMLWordPrintable

Details

    • MOODLE_401_STABLE
    • MOODLE_403_STABLE
    • master_MDL-78698
    • Hide

      The deprecated method isn't used directly but is used by several other methods around Moodle LMS.
      The easiest way to test that things are working from the UI is to:

      • Log into the site with a user that has permissions to create a course and perform user backups and restores (Admin is fine).
      • Create a course with a couple of activities
      • Backup the course
      • Confirm there were no errors during the backup
      • restore the course as a new isntance
      • confirm the course restored successfully.

      Apart from the above make sure unit and behat tests pass.

      Show
      The deprecated method isn't used directly but is used by several other methods around Moodle LMS. The easiest way to test that things are working from the UI is to: Log into the site with a user that has permissions to create a course and perform user backups and restores (Admin is fine). Create a course with a couple of activities Backup the course Confirm there were no errors during the backup restore the course as a new isntance confirm the course restored successfully. Apart from the above make sure unit and behat tests pass.

    Description

      The function random_bytes_emulate (https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L8496) tries to generate cryptographically secure pseudo-random bytes.

      It does this by progressively falling back to alternate (worse) methods of generating random bytes.

      The first method it tries is the native PHP7 random_bytes method which does generate cryptographically secure random bytes (https://www.php.net/manual/en/function.random-bytes.php).

      Now that all supported versions of Moodle support at least PHP 7 (for a while).

      We should now deprecate (https://moodledev.io/general/development/policies/deprecation) random_bytes_emulate and just use random_bytes.

      This means:

      • Deprecating random_bytes_emulate in line with policy
      • Replace the usages of random_bytes_emulate in core with random_bytes

      Attachments

        Issue Links

          has a non-specific relationship to

          Improvement - An enhancement to an existing Moodle feature. MDL-67390 Update password hashing to SHA-512

          • Minor - Minor loss of function where workaround is possible
          • Closed

          Activity

            People

              matt.porritt@moodle.com Matt Porritt
              matt.porritt@moodle.com Matt Porritt
              Paul Holden Paul Holden
              Ilya Tregubov Ilya Tregubov
              Ron Carl Alfon Yu Ron Carl Alfon Yu
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                9/Oct/23

                Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours, 29 minutes
                  3h 29m