dongsutao8921 2014-01-01 03:11
浏览 58
已采纳

使用mcrypt_dev_random生成256位令牌

i want to use mcrypt to create a 256 bit token to set as the cookie for the user.

I have read a number of articles suggesting to use mcrypt DEV_RANDOM

I am using the code

$size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
$iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);

But the result i get when i output the token is

ǡw��ӣ�:z���{d

Is this what it is supposed to look like? iF not, what do i have to do to generate a proper token.

Thanks

  • 写回答

1条回答 默认 最新

  • dthjnc306679 2014-01-01 03:20
    关注

    Use bin2hex to get a more "friendly" representation of the data. bin2hex will convert the bytes you have generated into an ASCII encoded hex representation of the original string.

    $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
    $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
    
    $hexIv = bin2hex($iv);
    

    The reason you are getting the strange output is because you are taking a random sequence of bytes and trying to represent them at some kind of human readable text by treating it as a string encoded in whatever is the default encoding for the application you are viewing the string in (e.g you web browser).

    Example:

    $size = mcrypt_get_iv_size(MCRYPT_CAST_256, MCRYPT_MODE_CFB);
    $iv = mcrypt_create_iv($size, MCRYPT_DEV_RANDOM);
    
    echo "RAW IV: ";
    echo $iv;
    echo "
     Hex: ";
    echo bin2hex($iv);
    

    Output:

    RAW IV: ª£2æ|%ì­E½ßy²ý
    Hex: 0aaaa332e67c25ecad45bddf7919b2fd
    

    In addition you should note the following things:

    • MCRYPT_DEV_RANDOM will block if the entropy pool is depleted.
    • MCRYPT_DEV_URANDOM is most likely a better choice as it won't block. The output is less random, but this is fine for most purposes.
    • An alternative function is openssl_random_pseudo_bytes which, for your use-case, performs the same function as the two mcrypt_ function calls (with MCRYPT_DEV_URANDOM). It does not require the mcrypt extension, only that PHP was compiled with OpenSSL support.
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 Python安装cvxpy库出问题
  • ¥15 用前端向数据库插入数据,通过debug发现数据能走到后端,但是放行之后就会提示错误
  • ¥15 python天天向上类似问题,但没有清零
  • ¥30 3天&7天&&15天&销量如何统计同一行
  • ¥30 帮我写一段可以读取LD2450数据并计算距离的Arduino代码
  • ¥15 C#调用python代码(python带有库)
  • ¥15 矩阵加法的规则是两个矩阵中对应位置的数的绝对值进行加和
  • ¥15 活动选择题。最多可以参加几个项目?
  • ¥15 飞机曲面部件如机翼,壁板等具体的孔位模型
  • ¥15 vs2019中数据导出问题