和加密安全性与极端随机性

和加密安全性与极端随机性

本文介绍了PHP:openssl_random_pseudo_bytes()和加密安全性与极端随机性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在PHP中对openssl_random_pseudo_bytes()进行一些研究,我注意到在PHP源代码中执行openssl_random_pseudo_bytes()函数。 OpenSSL的 RAND_pseudo_bytes 函数用于生成返回值,而不是在OpenSSL中提供的 RAND_bytes



OpenSSL的文档这两个函数如下:

问题是为什么不使用RAND_bytes或为什么在PHP中还没有openssl_rand_bytes()函数,如果它是根据OpenSSL,更随机。



只是好奇。这是速度关注吗?不够可靠?



感谢

解决方案

选择可能是基于实用性而不是加密的健全性。如果使用 RAND_bytes(),则该函数可能会由于随机性不足而失败。 PHP代码的作者无疑希望避免PHP函数失败。



我注意到 openssl_random_pseudo_bytes()函数有一个可选的 crypto_strong 参数,这使得调用者知道返回的字节是否真的在加密强度,OpenSSL的意见。

$ b $除此之外,可以使用外部引擎配置OpenSSL,其中一些(如CHIL)使用基于硬件的随机源为 RAND_pseudo_bytes() RAND_bytes()如果这是你需要的。



正在使用。


Doing some research into openssl_random_pseudo_bytes() in PHP and I noticed that in the implementation of the of the openssl_random_pseudo_bytes()function in PHP's source. OpenSSL's RAND_pseudo_bytes function is used to generate the return value as opposed to RAND_bytes also available in OpenSSL.

OpenSSL's documentation of these two functions are as follows:

I guess my question is why wasn't RAND_bytes used or why isn't there also a openssl_rand_bytes() function in PHP if it is, according to OpenSSL, more random.

Just curious. Was it a speed concern? Not reliable enough? Or was the PRNG the issue (ie: to hard to implement when the pseudo works fine for most purposes) ?

Thanks

解决方案

The choice was probably made based on practicality rather than the soundness of the crypto. If RAND_bytes() is used, the function may fail due to insufficient randomness being available. The author of the PHP code no doubt wanted to avoid the PHP function failing.

I notice though that the openssl_random_pseudo_bytes() function does have an optional crypto_strong parameter, which lets the caller know whether the returned bytes really were cryptographically strong, in the opinion of OpenSSL.

As an aside, it is possible to configure OpenSSL with external engines and some of them (such as CHIL) use a hardware-based random source for both RAND_pseudo_bytes() and RAND_bytes() if that's what you need.

Also, on Windows the PHP code is using CryptGenRandom.

这篇关于PHP:openssl_random_pseudo_bytes()和加密安全性与极端随机性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 14:39