2015-02-24 14:10
浏览 82

如何使用openssl_random_pseudo_bytes函数? PHP

I want to generate token , to use it as sign in auth, so I want to assure that the token algorithm is cryptographically strong !

I am using this block of code to to achieve that :

$crypto_strong = false;
while($crypto_strong !== false)
$openssl =openssl_random_pseudo_bytes(128,$crypto_strong);
$token = bin2hex($openssl);

is that correct ?

图片转代码服务由CSDN问答提供 功能建议

我想生成令牌,将其用作登录身份验证,所以我想确保令牌算法是 加密强大!


  $ crypto_strong = false; 
while($ crypto_strong  !== false)
 $ openssl = openssl_random_pseudo_bytes(128,$ crypto_strong); 
 $ token = bin2hex($ openssl); 


  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongxiang3648 2015-02-24 15:08

    Reading the docs, it describes the $crypto_strong parameter as:

    If passed into the function, this will hold a boolean value that determines if the algorithm used was "cryptographically strong", e.g., safe for usage with GPG, passwords, etc. TRUE if it did, otherwise FALSE

    The value of $crypto_strong is going to be fixed for a particular system. So if your system doesn't use a strong algorithm, your code will enter an infinite loop.

    According to those same docs, "it's rare for this to be FALSE, but some systems may be broken or old". So it sounds like you are unlikely to encounter may examples of a false value. Perhaps in those situations, it would be more appropriate to abort the procedure and present an error to the user.

    I wasn't entirely clear on your background use case, so I've no idea whether this general approach is correct for you. But certainly your posted code is wrong.

    点赞 评论

相关推荐 更多相似问题