PHP:openssl_random_pseudo_bytes()和加密安全性与极端随机性 [英] PHP: openssl_random_pseudo_bytes() and Crypto Security vs Extreme Randomness
问题描述
在PHP中对openssl_random_pseudo_bytes()进行一些研究,我注意到在PHP源代码中执行openssl_random_pseudo_bytes()函数。 OpenSSL的 RAND_pseudo_bytes 函数用于生成返回值,而不是在OpenSSL中提供的 RAND_bytes 。
OpenSSL的文档这两个函数如下:
RAND_pseudo_bytes()将num伪随机字节放入buf。
RAND_pseudo_bytes()生成的伪随机字节序列将是
唯一的,如果它们有足够的长度,但不一定是
不可预测的。它们可以用于非加密目的和
用于加密协议中的某些目的,但通常不用于密钥
生成等。
RAND_bytes()将num加密强伪随机字节
放入buf。如果PRNG没有播种足够的
随机性以确保不可预测的字节序列,则会出现错误。
问题是为什么不使用RAND_bytes或为什么在PHP中还没有openssl_rand_bytes()函数,如果它是根据OpenSSL,更随机。
只是好奇。这是速度关注吗?不够可靠?
感谢
选择可能是基于实用性而不是加密的健全性。如果使用 RAND_bytes(),则该函数可能会由于随机性不足而失败。 PHP代码的作者无疑希望避免PHP函数失败。
我注意到 openssl_random_pseudo_bytes()函数有一个可选的 crypto_strong 参数,这使得调用者知道返回的字节是否真的在加密强度,OpenSSL的意见。
RAND_pseudo_bytes()和 RAND_bytes()如果这是你需要的。 正在使用 CryptGenRandom 。
Doing some research into openssl_random_pseudo_bytes() in PHP and I noticed that in the implementation of the of the openssl_random_pseudo_bytes()function in PHP's source. OpenSSL's RAND_pseudo_bytes function is used to generate the return value as opposed to RAND_bytes also available in OpenSSL.
OpenSSL's documentation of these two functions are as follows:
RAND_pseudo_bytes() puts num pseudo-random bytes into buf. Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be unique if they are of sufficient length, but are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc.
RAND_bytes() puts num cryptographically strong pseudo-random bytes into buf. An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence.
I guess my question is why wasn't RAND_bytes used or why isn't there also a openssl_rand_bytes() function in PHP if it is, according to OpenSSL, more random.
Just curious. Was it a speed concern? Not reliable enough? Or was the PRNG the issue (ie: to hard to implement when the pseudo works fine for most purposes) ?
Thanks
The choice was probably made based on practicality rather than the soundness of the crypto. If RAND_bytes() is used, the function may fail due to insufficient randomness being available. The author of the PHP code no doubt wanted to avoid the PHP function failing.
I notice though that the openssl_random_pseudo_bytes() function does have an optional crypto_strong parameter, which lets the caller know whether the returned bytes really were cryptographically strong, in the opinion of OpenSSL.
As an aside, it is possible to configure OpenSSL with external engines and some of them (such as CHIL) use a hardware-based random source for both RAND_pseudo_bytes() and RAND_bytes() if that's what you need.
Also, on Windows the PHP code is using CryptGenRandom.
这篇关于PHP:openssl_random_pseudo_bytes()和加密安全性与极端随机性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
