|
Elgg
Version 1.9
|
Public Member Functions | |
| getRandomBytes ($length) | |
| Generate a string of highly randomized bytes (over the full 8-bit range). More... | |
| getRandomString ($length, $chars=null) | |
| Generate a random string of specified length. More... | |
Public Attributes | |
| const | CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789' |
| Character set for temp passwords (no risk of embedded profanity/glyphs that look similar) More... | |
| const | CHARS_HEX = '0123456789abcdef' |
| Character set for hexadecimal. More... | |
Definition at line 10 of file ElggCrypto.php.
| ElggCrypto::getRandomBytes | ( | $length | ) |
Generate a string of highly randomized bytes (over the full 8-bit range).
| int | $length | Number of bytes needed |
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Our primary choice for a cryptographic strong randomness function is openssl_random_pseudo_bytes.
If mcrypt extension is available then we use it to gather entropy from the operating system's PRNG. This is better than reading /dev/urandom directly since it avoids reading larger blocks of data than needed. Older versions of mcrypt_create_iv may be broken or take too much time to finish so we only use this function with PHP 5.3.7 and above.
No build-in crypto randomness function found. We collect any entropy available in the PHP core PRNGs along with some filesystem info and memory stats. To make this data cryptographically strong we add data either from /dev/urandom or if its unavailable, we gather entropy by measuring the time needed to compute a number of SHA-1 hashes.
Definition at line 55 of file ElggCrypto.php.
| ElggCrypto::getRandomString | ( | $length, | |
$chars = null |
|||
| ) |
Generate a random string of specified length.
Uses supplied character list for generating the new string. If no character list provided - uses Base64 URL character set.
| int | $length | Desired length of the string |
| string | null | $chars | Characters to be chosen from randomly. If not given, the Base64 URL charset will be used. |
| InvalidArgumentException |
Definition at line 183 of file ElggCrypto.php.
| const ElggCrypto::CHARS_HEX = '0123456789abcdef' |
Character set for hexadecimal.
Definition at line 20 of file ElggCrypto.php.
| const ElggCrypto::CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789' |
Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
Definition at line 15 of file ElggCrypto.php.
1.8.11
