View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0025723 | mantisbt | administration | public | 2019-04-30 05:58 | 2019-05-19 16:54 |
Reporter | kskr19 | Assigned To | dregad | ||
Priority | urgent | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.21.0 | ||||
Summary | 0025723: $g_crypto_master_salt for mantis | ||||
Description | Please provide us the steps on "how to generate $g_crypto_master_salt for mantis". APPLICATION ERROR #2900 For security reasons MantisBT will not operate when $g_crypto_master_salt is not specified correctly in config_inc.php or is shorter than 16 characters long. | ||||
Tags | No tags attached. | ||||
I would have expected that the installer created file config/config_inc.ph where you should find a line where If the file cannot be created due to missing access right, the installer asks you to create the file manually and displays the content you should use to create the file. |
|
The installer tries to initialize this setting to an appropriate, randomly generated value. However, it may happen that it is unable to generate cryptographically secure data, in which case you must initialize it manually. This is indicated by the installer Please read the documentation |
|
Hi atrol, Thank you very much for your response. config_inc.php file is not created by the installer, we have manually created it. Please help me in generating random number for $g_crypto_master_salt path. |
|
Hi dregad, Thank you so much for your reply. I have read the link which you have mentioned. From here, I am not aware of generating random number for $g_crypto_master_salt path manually in Windows10. |
|
This is really beyond MantisBT scope, but anyway you should use a Cryptographically Secure Pseudo-Random Number Generator (CSPRNG). Which one depends on your preferences or requirements, but if you could try
Or some online CSPRNG such as https://www.grc.com/passwords.htm Note that the value does not need to be generated on Windows. YMMV. |
|