Closed Elompenta closed 8 years ago
Hello @Elompenta, the right way is to install the library and its dependencies using Composer.
random_compat is required: https://github.com/paragonie/random_compat
Also please see the code to learn something about the CSPRNG behind random_int and its secure fallbacks.
@DanielRuf Thanks for the fast response.
Okay - this additional class works fine!
git clone https://github.com/paragonie/random_compat.git
require_once __DIR__.'/classes/random_compat/lib/random.php';
See here, why mt_rand is not a CSPRNG.
The numbers can be predicted, no byte output, weak seeds, not enough entropy, ...
http://security.stackexchange.com/a/18034/6090
http://stackoverflow.com/a/17362970/753676
http://crypto.stackexchange.com/a/2248/12434
http://phpsecurity.readthedocs.org/en/latest/Insufficient-Entropy-For-Random-Values.html
We can see this more clearly close to home in PHP. The mt_rand() function generates random values which are always digits. It doesn’t output letters, special characters, or any other byte value. This means that an attacker needs far fewer guesses per byte, i.e. its entropy is low. If we substituted mt_rand() by reading bytes from the Linux /dev/random source, we’d get truly random bytes fed by environmental noise from the local system’s device drivers and other sources. This second option is obviously much better and would provide substantially more bits of entropy.
The other black mark against something like mt_rand() is that it is not a true random generator. It is a Pseudorandom Number Generator (PRNG) or Deterministic Random Bit Generator (DRBG). It implements an algorithm called Mersenne Twister (MT) which generates numbers distributed in such a way as to approximate truly random numbers. It actually only uses one random value, known as the seed, which is then used by a fixed algorithm to generate other pseudorandom values.
Closing the issue as the issue is resolved.
http://php.net/manual/de/function.random-int.php
This function is based on Andrew Moore's UUID generation function on the uniqid function; it has been updated to use random_int() on PHP 7.0 or later yet continue to function with earlier versions using mt_rand().
[Sun Jan 24 18:35:24 2016] [error] [client 192.168.3.5] PHP Fatal error: Call to undefined function random_int() in /dir/classes/php-gpg/libs/GPG/Utility.php on line 112
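The two points made in this thread, as an added example that is not code from php-gpg, random_compat or any participant: a seeded mt_rand() stream repeats exactly, while a version 4 UUID should be built from the CSPRNG and fail loudly when random_compat has not been loaded on PHP 5.x. The function names `mt_token` and `uuid_v4` and the seed value are constructed for illustration; the code assumes random_compat was loaded via Composer's autoloader or the `require_once` shown above.

```php
<?php
// Added example. Written without scalar type hints so it also runs on PHP 5.x,
// where random_bytes()/random_int() only exist after random_compat is loaded.

// mt_rand() output is fully determined by its seed: whoever knows or guesses
// the seed can regenerate every value derived from it.
function mt_token($seed, $len = 16)
{
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= chr(mt_rand(0, 255));
    }
    return bin2hex($out);
}

// Version 4 UUID built from 16 CSPRNG bytes. No mt_rand() fallback: if the
// CSPRNG is missing, stop instead of silently producing predictable IDs.
function uuid_v4()
{
    if (!function_exists('random_bytes')) {
        throw new RuntimeException(
            'random_bytes() is undefined: load random_compat on PHP < 7.0'
        );
    }
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // set version nibble to 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // set RFC 4122 variant bits
    // 32 hex characters split into eight 4-character groups: 8-4-4-4-12
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4));
}

$seed = 12345; // constructed sample seed
$first  = mt_token($seed);
$second = mt_token($seed);
echo "mt_rand, same seed twice: ",
     ($first === $second ? "identical" : "different"), "\n";

$u1 = uuid_v4();
$u2 = uuid_v4();
echo "uuid_v4: $u1\n";
echo "uuid_v4: $u2\n";
echo "well-formed v4: ",
     (preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/', $u1)
         ? "yes" : "no"), "\n";
```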