diff --git a/phpseclib/Crypt/Random.php b/phpseclib/Crypt/Random.php index 7fcf97bd..c503def9 100644 --- a/phpseclib/Crypt/Random.php +++ b/phpseclib/Crypt/Random.php @@ -35,36 +35,104 @@ * @author Jim Wigginton * @copyright MMVII Jim Wigginton * @license http://www.gnu.org/licenses/lgpl.txt - * @version $Id: Random.php,v 1.4 2008-05-21 05:15:32 terrafrost Exp $ + * @version $Id: Random.php,v 1.5 2010-02-19 22:39:44 terrafrost Exp $ * @link http://phpseclib.sourceforge.net */ /** - * Generate a random value. Feel free to replace this function with a cryptographically secure PRNG. + * Generate a random value. + * + * On 32-bit machines, the largest distance that can exist between $min and $max is 2**31. + * If $min and $max are farther apart than that then the last ($max - range) numbers. + * + * Depending on how this is being used, it may be worth while to write a replacement. For example, + * a PHP-based web app that stores its data in an SQL database can collect more entropy than this function + * can. * * @param optional Integer $min * @param optional Integer $max - * @param optional String $randomness_path * @return Integer * @access public */ -function crypt_random($min = 0, $max = 0x7FFFFFFF, $randomness_path = '/dev/urandom') +function crypt_random($min = 0, $max = 0x7FFFFFFF) { - static $seeded = false; + // see http://en.wikipedia.org/wiki//dev/random + if (file_exists('/dev/urandom')) { + $fp = fopen('/dev/urandom', 'rb'); + extract(unpack('Nrandom', fread($fp, 4))); + fclose($fp); - if (!$seeded) { - $seeded = true; - if (file_exists($randomness_path)) { - $fp = fopen($randomness_path, 'r'); - $temp = unpack('Nint', fread($fp, 4)); - mt_srand($temp['int']); - fclose($fp); - } else { - list($sec, $usec) = explode(' ', microtime()); - mt_srand((float) $sec + ((float) $usec * 100000)); + // say $min = 0 and $max = 3. if we didn't do abs() then we could have stuff like this: + // -4 % 3 + 0 = -1, even though -1 < $min + return abs($random) % ($max - $min) + $min; + } + + /* Prior to PHP 4.2.0, mt_srand() had to be called before mt_rand() could be called. + Prior to PHP 5.2.6, mt_rand()'s automatic seeding was subpar, as elaborated here: + + http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ + + The seeding routine is pretty much ripped from PHP's own internal GENERATE_SEED() macro: + + http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_2/ext/standard/php_rand.h?view=markup */ + if (version_compare(PHP_VERSION, '5.2.5', '<=')) { + static $seeded; + if (!isset($seeded)) { + $seeded = true; + mt_srand(fmod(time() * getmypid(), 0x7FFFFFFF) ^ fmod(1000000 * lcg_value(), 0x7FFFFFFF)); } } - return mt_rand($min, $max); + static $crypto; + + // The CSPRNG's Yarrow and Fortuna periodically reseed. This function can be reseeded by hitting F5 + // in the browser and reloading the page. + + if (!isset($crypto)) { + switch (true) { + case class_exists('Crypt_AES'): + $key = $iv = ''; + for ($i = 0; $i < 8; $i++) { + $key.= pack('n', mt_rand(0, 0xFFFF)); + $iv .= pack('n', mt_rand(0, 0xFFFF)); + } + $crypto = new Crypt_AES(CRYPT_AES_MODE_CTR); + $crypto->setKey($key); + $crypto->setIV($iv); + break; + case class_exists('Crypt_TripleDES'): + case class_exists('Crypt_DES'): + $key = $iv = ''; + for ($i = 0; $i < 4; $i++) { + $key.= pack('n', mt_rand(0, 0xFFFF)); + $iv .= pack('n', mt_rand(0, 0xFFFF)); + } + if (class_exists('Crypt_TripleDES')) { + for ($i = 0; $i < 4; $i++) { + $key.= pack('n', mt_rand(0, 0xFFFF)); + } + $crypto = new Crypt_TripleDES(CRYPT_DES_MODE_CTR); + } else { + $crypto = new Crypt_DES(CRYPT_DES_MODE_CTR); + } + $crypto->setKey($key); + $crypto->setIV($iv); + break; + case class_exists('Crypt_RC4'): + $key = ''; + for ($i = 0; $i < 8; $i++) { + $key.= pack('n', mt_rand(0, 0xFFFF)); + } + $crypto = new Crypt_RC4(); + $crypto->setKey($key); + break; + default: + extract(unpack('Nrandom', pack('H*', sha1(mt_rand(0, 0x7FFFFFFF))))); + return abs($random) % ($max - $min) + $min; + } + } + + extract(unpack('Nrandom', $crypto->encrypt("\0\0\0\0"))); + return abs($random) % ($max - $min) + $min; } ?> \ No newline at end of file