View Issue Details

IDProjectCategoryView StatusLast Update
0025723mantisbtadministrationpublic2019-05-19 16:54
Reporterkskr19 Assigned Todregad  
PriorityurgentSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version2.21.0 
Summary0025723: $g_crypto_master_salt for mantis
Description

Please provide us the steps on "how to generate $g_crypto_master_salt for mantis".
We are facing below error while installing mantis.

APPLICATION ERROR #2900

For security reasons MantisBT will not operate when $g_crypto_master_salt is not specified correctly in config_inc.php or is shorter than 16 characters long.
Please use the "Back" button in your web browser to return to the previous page. There you can correct whatever problems were identified in this error or select another action. You can also click an option from the menu bar to go directly to a new section.

TagsNo tags attached.

Activities

atrol

atrol

2019-04-30 08:47

developer   ~0062014

I would have expected that the installer created file config/config_inc.ph where you should find a line where $g_crypto_master_salt is set.
Does the file exist and is there such a line in it?

If the file cannot be created due to missing access right, the installer asks you to create the file manually and displays the content you should use to create the file.

dregad

dregad

2019-04-30 08:53

developer   ~0062015

The installer tries to initialize this setting to an appropriate, randomly generated value.

However, it may happen that it is unable to generate cryptographically secure data, in which case you must initialize it manually. This is indicated by the installer
Setting Cryptographic salt in config file POSSIBLE PROBLEM
Unable to find a random number source for cryptographic purposes. You will need to edit /path/to/config_inc.php and set a value for $g_crypto_master_salt manually

Please read the documentation
http://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.security

kskr19

kskr19

2019-05-03 01:30

reporter   ~0062017

Hi atrol,

Thank you very much for your response.

config_inc.php file is not created by the installer, we have manually created it.
But really I am not aware of setting $g_crypto_master_salt in config_inc.php file.

Please help me in generating random number for $g_crypto_master_salt path.
FYI, we are installing mantis in Windows 10.

kskr19

kskr19

2019-05-03 01:34

reporter   ~0062018

Hi dregad,

Thank you so much for your reply.

I have read the link which you have mentioned.
http://mantisbt.org/docs/master/en-US/Admin_Guide/html-desktop/#admin.config.security

From here, I am not aware of generating random number for $g_crypto_master_salt path manually in Windows10.
Please provide us the required steps on how to manually generate $g_crypto_master_salt path.

dregad

dregad

2019-05-03 06:02

developer   ~0062019

Please provide us the required steps on how to manually generate $g_crypto_master_salt path.

This is really beyond MantisBT scope, but anyway you should use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). Which one depends on your preferences or requirements, but if you could try

openssl rand 64 -base64

Or some online CSPRNG such as https://www.grc.com/passwords.htm

Note that the value does not need to be generated on Windows.

YMMV.