Commit | Line | Data |
---|---|---|
14d4f286 S |
1 | <?php |
2 | /** | |
3 | * The Microtime Random Number Source | |
4 | * | |
5 | * This uses the current micro-second (looped several times) for a **very** weak | |
6 | * random number source. This is only useful when combined with several other | |
7 | * stronger sources | |
8 | * | |
9 | * PHP version 5.3 | |
10 | * | |
11 | * @category PHPCryptLib | |
12 | * @package Random | |
13 | * @subpackage Source | |
14 | * @author Anthony Ferrara <ircmaxell@ircmaxell.com> | |
15 | * @copyright 2011 The Authors | |
16 | * @license http://www.opensource.org/licenses/mit-license.html MIT License | |
17 | * @version Build @@version@@ | |
18 | */ | |
19 | ||
20 | namespace CryptLib\Random\Source; | |
21 | ||
22 | use CryptLib\Core\Strength; | |
23 | ||
24 | /** | |
25 | * The Microtime Random Number Source | |
26 | * | |
27 | * This uses the current micro-second (looped several times) for a **very** weak | |
28 | * random number source. This is only useful when combined with several other | |
29 | * stronger sources | |
30 | * | |
31 | * @category PHPCryptLib | |
32 | * @package Random | |
33 | * @subpackage Source | |
34 | * @author Anthony Ferrara <ircmaxell@ircmaxell.com> | |
35 | * @codeCoverageIgnore | |
36 | */ | |
37 | class MicroTime implements \CryptLib\Random\Source { | |
38 | ||
39 | private $state = null; | |
40 | ||
41 | /** | |
42 | * Return an instance of Strength indicating the strength of the source | |
43 | * | |
44 | * @return Strength An instance of one of the strength classes | |
45 | */ | |
46 | public static function getStrength() { | |
47 | return new Strength(Strength::VERYLOW); | |
48 | } | |
49 | ||
50 | public function __construct() { | |
51 | $state = ''; | |
52 | if (function_exists('posix_times')) { | |
53 | $state .= serialize(posix_times()); | |
54 | } | |
55 | $state .= getmypid() . memory_get_usage(); | |
56 | $state .= serialize($_ENV); | |
57 | $this->state = hash('sha512', $state, true); | |
58 | } | |
59 | ||
60 | /** | |
61 | * Generate a random string of the specified size | |
62 | * | |
63 | * @param int $size The size of the requested random string | |
64 | * | |
65 | * @return string A string of the requested size | |
66 | */ | |
67 | public function generate($size) { | |
68 | $result = ''; | |
69 | $seed = microtime() . memory_get_usage(); | |
70 | $this->state = hash('sha512', $this->state . $seed, true); | |
71 | /** | |
72 | * Make the generated randomness a bit better by forcing a GC run which | |
73 | * should complete in a indeterminate amount of time, hence improving | |
74 | * the strength of the randomness a bit. It's still not crypto-safe, | |
75 | * but at least it's more difficult to predict. | |
76 | */ | |
77 | gc_collect_cycles(); | |
78 | for ($i = 0; $i < $size; $i += 8) { | |
79 | $seed = $this->state . microtime() . pack('N', $i); | |
80 | $this->state = hash('sha512', $seed, true); | |
81 | /** | |
82 | * We only use the first 8 bytes here to prevent exposing the state | |
83 | * in its entirety, which could potentially expose other random | |
84 | * generations in the future (in the same process)... | |
85 | */ | |
86 | $result .= substr($this->state, 0, 8); | |
87 | } | |
88 | return substr($result, 0, $size); | |
89 | } | |
90 | ||
91 | } |