PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Smart Architectures in PHP
Protecting MySQL Sessions With SSH Tunnel (Port Forwarding)
Using XML, a PHP Developer's Primer, Part 4: XML-RPC, PHP and Javascript
Simple Remoting
A Primer On Postgres Exception Handling for the PHP Developer

RE: [PHP-DEV] Re: Crypt salts not random.. (fwd) From: Alexander Feldman (alex <email protected>)
Date: 04/29/01

Next message: andi <email protected>: "[PHP-DEV] Bug #9077 Updated: Cannot compile against current Apache 2.0 a9 or CVS dated 02-Feb-2001"
Previous message: hholzgra <email protected>: "[PHP-DEV] Bug #10550 Updated: mktime() returns -1 for certain valid dates"
In reply to: James Moore: "RE: [PHP-DEV] Re: Crypt salts not random.. (fwd)"
Next in thread: Boian Bonev: "Re: [PHP-DEV] Re: Crypt salts not random.. (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 29 Apr 2001, James Moore wrote:

>
> > > > In order to avoid this you actually have to call it at completely
> > > different
> > > > times, something you can't really guarantee. We should
> > probably not use
> > > > the timestamp as the seed (at least not alone), but also take
> > the pid into
> > > > account.
> > > >
> > > > Zeev
> > > >
> > >
> > >That only really works for forking webservers, does it not? Another
> > >alternative
> > >would be to use microseconds...
> >
> > Yeah we could use microseconds but are they available on all platforms?
> > In any case, on non-forking servers we can use thread id.
>
> We have accuracy to milliseconds only on Win32.

It is enough... We can use gettimeofday or getitimer on linux, gethrtime
on Solaris, ftime on windows, etc. There are other ways to insert some
more pseudo randomness as well. Hashes of data that changes quickly is
enough (environment, all PIDs, ideas?). BTW we do not need so much
randomness for the crypt function. It can not be used for cryptography -
the salt is just to prevent pregenerated dictionaries. Perhaps we can add
another function for the PHP programmer to insert additional entropy while
working? The modern linuxes gather some random data from the times between
the keystrokes and the time between the network packets arrive - we can
use it but it is only available on some linuxes. Or we can add some
extension to gather better random data from the times between the page
requests?

>
> - James
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
> For additional commands, e-mail: php-dev-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: php-dev-unsubscribe <email protected>
For additional commands, e-mail: php-dev-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>

Next message: andi <email protected>: "[PHP-DEV] Bug #9077 Updated: Cannot compile against current Apache 2.0 a9 or CVS dated 02-Feb-2001"
Previous message: hholzgra <email protected>: "[PHP-DEV] Bug #10550 Updated: mktime() returns -1 for certain valid dates"
In reply to: James Moore: "RE: [PHP-DEV] Re: Crypt salts not random.. (fwd)"
Next in thread: Boian Bonev: "Re: [PHP-DEV] Re: Crypt salts not random.. (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]