facebookarchive / php-graph-sdk

The Facebook SDK for PHP provides a native interface to the Graph API and Facebook Login. https://developers.facebook.com/docs/php

CSPRSG address space is very wasteful #1247

Open kralos opened 3 years ago

kralos commented 3 years ago

Any strings yielded by the built-in PseudoRandomStringGenerators only use [0-9][a-f]; however, the alphabet has a lot more to offer. Especially if you count uppercase...

Facebook\PseudoRandomString\PseudoRandomStringGeneratorTrait

    public function binToHex($binaryData, $length)
    {
        return \substr(\bin2hex($binaryData), 0, $length);
    }

e.g.

    class RandomIntBase62CSPRSG implements \Facebook\PseudoRandomString\PseudoRandomStringGeneratorInterface
    {
        /**
         * Indexing a string is faster than using \chr()
         */
        private const CHARS = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

        /**
         * Non-static and with an untyped $length, so the declaration stays
         * compatible with the interface method it implements.
         */
        public function getPseudoRandomString($length): string
        {
            $string = '';
            for ($i = 0; $i < $length; $i++) {
                // random_int() draws uniformly from the CSPRNG; 61 is the last index of CHARS
                $string .= self::CHARS[\random_int(0, 61)];
            }
            return $string;
        }
    }
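
The following is an added example, not part of the original post or of the SDK, that puts numbers on the comparison above: bits of entropy per character for the hex alphabet versus the 62-character alphabet, and the string length each needs to reach a given strength. The function names, the 32-character sample length and the 128-bit target are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example; these helpers are hypothetical and not part of the SDK.

/** Entropy in bits of a uniformly random string of $length symbols. */
function entropyBits(int $alphabetSize, int $length): float
{
    return $length * log($alphabetSize, 2);
}

/** Shortest length whose entropy reaches $targetBits for this alphabet size. */
function lengthForBits(int $alphabetSize, int $targetBits): int
{
    return (int) ceil($targetBits / log($alphabetSize, 2));
}

/** Uniform random string over any alphabet; random_int() avoids modulo bias. */
function randomString(string $alphabet, int $length): string
{
    $max = strlen($alphabet) - 1;
    if ($max < 1 || $length < 1) {
        throw new InvalidArgumentException('Need at least 2 symbols and a positive length.');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Alphabets: the hex set produced by bin2hex() and the 62-character set from the post.
$alphabets = [
    'hex'    => '0123456789abcdef',
    'base62' => '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz',
];

foreach ($alphabets as $name => $alphabet) {
    $n = strlen($alphabet);
    printf(
        "%-6s %2d symbols  %.2f bits/char  32 chars = %6.2f bits  128 bits needs %2d chars  sample: %s\n",
        $name, $n, log($n, 2), entropyBits($n, 32), lengthForBits($n, 128), randomString($alphabet, 32)
    );
}
```
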
JexPY commented 3 years ago

I don't think they care anymore....