On 20 July 2011 04:49, cythrawll <cythrawll@xxxxxxxxxxxxx> wrote:
> Hello PHP,
>
> I have plans on creating security framework for PHP websites, I would love
> to support windows but I am having trouble getting access to any sort of
> CSPRNG in windows, this is a bit of a problem....
>
> mcrypt supposedly will help with this, but I am having trouble finding
> easily accessible binaries that I could even dream of using it as a
> reasonable requirement for a framework.
>
> openssl_random_pseudo_bytes I hear has lots of entropy issues on windows...
> so it's not appropriate to use that either...
>
> I tried accessing the .NET csprng through DOTNET in PHP....
>
> $rand = new DOTNET('mscorlib',
> 'System.Security.Cryptography.RNGCryptoServiceProvider');
>
> $rand->GetBytes('somethinggoeshere');
>
> docs are here:
> http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx
>
> for some reason, no matter what I try to pass to GetBytes, won't work
> (throws wrong type exceptions), tried arrays, strings, various VARIANT
> objects... nothing seems to make it happy.
>
> So I am wondering, is there no easy way to get to a suitable CSPRNG in
> windows? If there is none am I the only one who sees a big problem with
> that?
>
> Love,
>
> Chad Minick
You need to pass an array of System.Byte (VT_UI1). System.Byte is a
structure (http://msdn.microsoft.com/en-us/library/system.byte.aspx).
>From what I've read online, a PHP array() will be correctly converted
to an .NET array. So, ...
<?php
$o_RNG = new DOTNET('mscorlib',
'System.Security.Cryptography.RNGCryptoServiceProvider');
$a_Bytes = array();
foreach(range(1, 10) as $i_Element) {
// VT_UI1 = a byte, but may not be a System.Byte
// which is a structure and not an object and I don't know
// if DOTNET/COM/VARIANT support these .NET structures.
$a_Bytes[] = new VARIANT(VT_EMPTY, VT_UI1);
}
var_dump($o_RNG->GetBytes($a_Bytes));
var_dump($a_Bytes);
?>
should work, but doesn't.
Fatal error: Uncaught exception 'com_exception' with message
'Parameter 0: Type mismatch.
' in Z:\rand.php:10
Stack trace:
#0 Z:\rand.php(10): dotnet->GetBytes(Array)
#1 {main}
thrown in Z:\rand.php on line 10
In reading http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx,
I see there is a GetType() method. So, thought I'd give that a go by
using ...
echo $o_RNG->GetType();
This results in an error also ...
Warning: Unknown: variant->zval: conversion from 0xd ret=-1 in
Z:\rand.php on line 10
So I'm pretty much guessing that the DOTNET route isn't going to work
any time soon.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
