higher entropy for security or privacy related tokens
related #472 (closed)
What does this MR do?
Currently there is mostly uniqid() used for generating secret tokens, which is basically just the time in microseconds.
If we know the execution time for generating a password-request-token with ±10ms precision, we only need to try <20.000 times to take over an account.
Less critical, but privacy relevant: Email-Attachments, cache-index, ...
How confident are you it won't break things if deployed?
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
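
The weakness described in this MR, shown as an added example (not part of the merge request or the foodsharing code base): a plain `uniqid()` value decodes straight back to the clock reading it was built from, so its value space inside a known time window is tiny, whereas a token drawn from `random_bytes()` carries no such structure. The function names `decodeUniqid`, `candidatesInWindow` and `secureToken` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not foodsharing code. Assumes uniqid() is called with no
// prefix and without more_entropy, which yields 13 hex characters.

/** Split a plain uniqid() value into the timestamp parts it encodes. */
function decodeUniqid(string $id): array
{
    if (!preg_match('/^[0-9a-f]{13}$/', $id)) {
        throw new InvalidArgumentException('not a plain uniqid() value');
    }
    return [
        'sec'  => (int) hexdec(substr($id, 0, 8)), // Unix time in seconds
        'usec' => (int) hexdec(substr($id, 8, 5)), // microsecond part
    ];
}

/** Distinct uniqid() values in a window of +/- $windowMs milliseconds. */
function candidatesInWindow(int $windowMs): int
{
    // One possible value per microsecond of window width.
    return 2 * $windowMs * 1000;
}

/** Replacement token from the OS CSPRNG: 16 bytes = 128 bits of entropy. */
function secureToken(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

$weak = uniqid();
$t = decodeUniqid($weak);
$n = candidatesInWindow(10);

printf("uniqid()      %s = %s.%06d UTC\n",
    $weak, gmdate('Y-m-d H:i:s', $t['sec']), $t['usec']);
printf("value space   %d candidates in +/-10 ms (about %.1f bits)\n",
    $n, log($n, 2));
printf("secureToken() %s (128 bits, independent of time)\n", secureToken());
```

Run with the PHP CLI (PHP 7.0 or later, for `random_bytes()`); the decoded timestamp matches the moment the script ran.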