Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot

Links

XODOX
Impressum

#1: CSPRNG under windows.

Posted on 2011-07-20 05:49:23 by cythrawll

Hello PHP,

I have plans on creating security framework for PHP websites, I would
love to support windows but I am having trouble getting access to any
sort of CSPRNG in windows, this is a bit of a problem....

mcrypt supposedly will help with this, but I am having trouble finding
easily accessible binaries that I could even dream of using it as a
reasonable requirement for a framework.

openssl_random_pseudo_bytes I hear has lots of entropy issues on
windows... so it's not appropriate to use that either...

I tried accessing the .NET csprng through DOTNET in PHP....

$rand = new DOTNET('mscorlib',
'System.Security.Cryptography.RNGCryptoServiceProvider');

$rand->GetBytes('somethinggoeshere');

docs are here:
http://msdn.microsoft.com/en-us/library/system.security.cryp tography.rngcryptoserviceprovider.aspx

for some reason, no matter what I try to pass to GetBytes, won't work
(throws wrong type exceptions), tried arrays, strings, various VARIANT
objects... nothing seems to make it happy.

So I am wondering, is there no easy way to get to a suitable CSPRNG in
windows? If there is none am I the only one who sees a big problem with
that?

Love,

Chad Minick

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#2: Re: CSPRNG under windows.

Posted on 2011-07-20 08:22:34 by Pierre Joye

hi,

I did not try to access it using COM, but if the scprng you want is
the default provider, you can simply call openssl_random_pseudo_bytes
which uses the same API that what you are trying to call (php
5.3.7RC+).

Cheers,

On Wed, Jul 20, 2011 at 5:49 AM, cythrawll <cythrawll@codeangel.org> wrote:
> Hello PHP,
>
> I have plans on creating security framework for PHP websites, I would love
> to support windows but I am having trouble getting access to any sort of
> CSPRNG in windows, this is a bit of a problem....
>
> mcrypt supposedly will help with this, but I am having trouble finding
> easily accessible binaries that I could even dream of using it as a
> reasonable requirement for a framework.
>
> openssl_random_pseudo_bytes I hear has lots of entropy issues on windows...
> so it's not appropriate to use that either...
>
> I tried accessing the .NET csprng through DOTNET in PHP....
>
> $rand = new DOTNET('mscorlib',
> 'System.Security.Cryptography.RNGCryptoServiceProvider');
>
> $rand->GetBytes('somethinggoeshere');
>
> docs are here:
> http://msdn.microsoft.com/en-us/library/system.security.cryp tography.rngcryptoserviceprovider.aspx
>
> for some reason, no matter what I try to pass to GetBytes, won't work
> (throws wrong type exceptions), tried arrays, strings, various VARIANT
> objects... nothing seems to make it happy.
>
> So I am wondering, is there no easy way to get to a suitable CSPRNG in
> windows? If there is none am I the only one who sees a big problem with
> that?
>
> Love,
>
> Chad Minick
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>



--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message

#3: Re: CSPRNG under windows.

Posted on 2011-07-20 11:37:32 by Richard Quadling

On 20 July 2011 04:49, cythrawll <cythrawll@codeangel.org> wrote:
> Hello PHP,
>
> I have plans on creating security framework for PHP websites, I would love
> to support windows but I am having trouble getting access to any sort of
> CSPRNG in windows, this is a bit of a problem....
>
> mcrypt supposedly will help with this, but I am having trouble finding
> easily accessible binaries that I could even dream of using it as a
> reasonable requirement for a framework.
>
> openssl_random_pseudo_bytes I hear has lots of entropy issues on windows...
> so it's not appropriate to use that either...
>
> I tried accessing the .NET csprng through DOTNET in PHP....
>
> $rand = new DOTNET('mscorlib',
> 'System.Security.Cryptography.RNGCryptoServiceProvider');
>
> $rand->GetBytes('somethinggoeshere');
>
> docs are here:
> http://msdn.microsoft.com/en-us/library/system.security.cryp tography.rngcryptoserviceprovider.aspx
>
> for some reason, no matter what I try to pass to GetBytes, won't work
> (throws wrong type exceptions), tried arrays, strings, various VARIANT
> objects... nothing seems to make it happy.
>
> So I am wondering, is there no easy way to get to a suitable CSPRNG in
> windows? If there is none am I the only one who sees a big problem with
> that?
>
> Love,
>
> Chad Minick

You need to pass an array of System.Byte (VT_UI1). System.Byte is a
structure (http://msdn.microsoft.com/en-us/library/system.byte.aspx).

From what I've read online, a PHP array() will be correctly converted
to an .NET array. So, ...

<?php
$o_RNG = new DOTNET('mscorlib',
'System.Security.Cryptography.RNGCryptoServiceProvider');
$a_Bytes = array();
foreach(range(1, 10) as $i_Element) {
// VT_UI1 = a byte, but may not be a System.Byte
// which is a structure and not an object and I don't know
// if DOTNET/COM/VARIANT support these .NET structures.
$a_Bytes[] = new VARIANT(VT_EMPTY, VT_UI1);
}
var_dump($o_RNG->GetBytes($a_Bytes));
var_dump($a_Bytes);
?>

should work, but doesn't.

Fatal error: Uncaught exception 'com_exception' with message
'Parameter 0: Type mismatch.
' in Z:\rand.php:10
Stack trace:
#0 Z:\rand.php(10): dotnet->GetBytes(Array)
#1 {main}
thrown in Z:\rand.php on line 10


In reading http://msdn.microsoft.com/en-us/library/system.security.cryp tography.rngcryptoserviceprovider.aspx,
I see there is a GetType() method. So, thought I'd give that a go by
using ...

echo $o_RNG->GetType();

This results in an error also ...

Warning: Unknown: variant->zval: conversion from 0xd ret=-1 in
Z:\rand.php on line 10

So I'm pretty much guessing that the DOTNET route isn't going to work
any time soon.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Report this message