PHP Tutorials
  PHP Romania Community


Jordi Boggiano's Blog: Unpredictable hashes for humans

Posted: Monday, 10 May 2010 13:47
Source: http://www.phpdeveloper.org

Categories: News

In a new post on his blog today, Jordi Boggiano talks about a task that can trip up some developers when they're trying to secure parts of their site or just create one-time-use tokens: generating unpredictable hashes.

If you [override the default session handlers], unless you want to entrust PHP's core to do it, one thing you will have to take care of is generating unique session ids to send as a cookie to your users, allowing the session to persist. Other common use cases for such unique hashes are to generate CSRF tokens to insert in forms or URLs, and finally authentication tokens for email validation or such.

He talks about how we, as humans, aren't very good at judging true randomness and that hashing the information only adds to the problem. He mentions that some of the random functions in PHP aren't all that random and that there's a better way to generate good values. His solution (the "generateUniqueId" function) tries to gather entropy from OpenSSL, from the COM extension, or from "/dev/urandom" on Unix-based systems. The result is then hashed and returned for easy use.
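
One way to build such a token in current PHP, as an added example that is not code from Jordi Boggiano's post: the helper names secure_bytes, unpredictable_token and token_matches are hypothetical, and the COM source mentioned above is left out.

```php
<?php
// Added example: helper names are hypothetical, not the blog's generateUniqueId().

// Return $bytes of output from the first OS-backed random source that works.
// Fails closed: never falls back to rand(), mt_rand() or uniqid().
function secure_bytes($bytes = 32)
{
    // PHP 7+: random_bytes() reads the operating system CSPRNG.
    if (function_exists('random_bytes')) {
        return random_bytes($bytes);
    }
    // OpenSSL extension: accept output only if flagged cryptographically strong.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $out = openssl_random_pseudo_bytes($bytes, $strong);
        if ($out !== false && $strong === true && strlen($out) === $bytes) {
            return $out;
        }
    }
    // Unix-like systems: read /dev/urandom directly, unbuffered.
    if (is_readable('/dev/urandom') && ($fh = fopen('/dev/urandom', 'rb'))) {
        stream_set_read_buffer($fh, 0);
        $out = fread($fh, $bytes);
        fclose($fh);
        if ($out !== false && strlen($out) === $bytes) {
            return $out;
        }
    }
    throw new RuntimeException('No secure random source available');
}

// 64-character hex token for a session id, CSRF field or e-mail validation link.
// Hashing adds no entropy; it only gives a fixed-width, printable encoding.
function unpredictable_token()
{
    return hash('sha256', secure_bytes(32));
}

// Compare a submitted token with the stored one in constant time (PHP 5.6+).
function token_matches($stored, $submitted)
{
    return is_string($submitted) && hash_equals($stored, $submitted);
}

$csrf = unpredictable_token();                        // constructed sample usage
var_dump(token_matches($csrf, $csrf));                // same token
var_dump(token_matches($csrf, str_repeat('0', 64)));  // forged token
```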

