[eluser]Xeoncross[/eluser]
I have been cramming all I can over the last several days trying to max-out the security of my hashes. One of the things I started playing around with today is a user salt generator that I made that can return an ASCII, Numeric, or SHA256 hashed ASCII string of the length that you require. I plan on using this when creating a user salt for someone that registers on my site. This is much more secure than md5(mt_rand()).
Would anyone else be interested in this function? It is about as random as I could get it until PHP moves up a little more and the OpenSSL stuff comes into play.
Think of this function as rand() on steroids. ;-)
Code:
/**
 * Create a random string of numbers or ASCII chars of the given size.
 * Optionally, hash the result so that it is easier to store.
 *
 * @author Xeoncross
 * @license MIT License http://www.opensource.org/licenses/mit-license.php
 * @param int the size of the random string
 * @param boolean return a number (instead of ASCII)
 * @param boolean return a SHA256 hash of the ASCII
 * @return string
 */
function random_salt($size=32, $number=false, $hash=false) {
    //Get insanely random data
    $rand = mt_rand().microtime(true).uniqid('',true).join('',stat(__FILE__)).memory_get_usage().getmypid();
    //Remove everything that isn't a number
    $rand = preg_replace('/[^0-9]+/', '', $rand);
    //Randomly shuffle the string
    $rand = str_shuffle($rand);
    //Did they just want a long number?
    if($number) {
        return substr($rand, 0, $size);
    }
    //Start with an empty result so the .= below does not hit an undefined variable
    $string = '';
    $offset = 0;
    for($i=0;$i<$size;$i++) {
        //Random starting point
        $start = mt_rand(1,3);
        //1 to 3 digit number
        $length = mt_rand(1,3);
        //Add to the total offset
        $offset += $start;
        //If the offset is past the last char on the rand string - start over
        $offset = ($offset + $length) >= strlen($rand) ? $start : $offset;
        //Fetch this number (cast so the arithmetic below always works on an int)
        $code = (int) substr($rand, $offset, $length);
        //Force it to be larger than ASCII 33
        while($code < 33) {
            $code += rand(1, 30);
        }
        //Force it to be smaller than ASCII 255
        while($code > 255) {
            $code -= rand(10, 100);
        }
        //Get the ASCII symbol for it
        $string .= chr($code);
    }
    //If the user wants us to hash it also
    if($hash) {
        return hash('sha256', $string);
    }
    return $string;
}
Using the function is really easy.
Code:
//32 ASCII 33-255 chars
print random_salt(32);
//12 numbers
print random_salt(12, TRUE);
//SHA256 Hash of 256 ASCII 33-255 chars
print random_salt(256, FALSE, TRUE);
Output:
Code:
"0;+.44'Y$ñçÚÅÿ"Þ'7ð"Ù*05)vWÇ+,'
570285811928
c40637b6a8113b5de1ae01581919668fa54403b6df07e9f0309f98a1f1f21450
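
For comparison, a salt generator with the same three output modes that takes every character from the operating system's CSPRNG through PHP's `random_int()` (PHP 7.1 or later). This is an added example, not code from the original post; the function name `csprng_salt` and the printable 33-126 character range are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Added example (hypothetical name csprng_salt): same three output modes as
 * random_salt() above, but no mt_rand(), timestamps, PIDs or file stats.
 */
function csprng_salt(int $size = 32, bool $number = false, bool $hash = false): string
{
    if ($size < 1) {
        throw new InvalidArgumentException('size must be at least 1');
    }
    // Digits only (48-57), or printable ASCII 33-126. Assumption: staying
    // below 127 keeps the salt intact across character encodings and
    // database collations, unlike the 33-255 range used in the post.
    [$min, $max] = $number ? [48, 57] : [33, 126];

    $out = '';
    for ($i = 0; $i < $size; $i++) {
        // random_int() is uniform over [$min, $max] (no modulo bias) and
        // throws if no secure source exists, rather than falling back.
        $out .= chr(random_int($min, $max));
    }
    // Hashing only normalizes the format to 64 hex chars; it adds no entropy.
    return $hash ? hash('sha256', $out) : $out;
}

// Constructed usage, mirroring the three calls in the post.
foreach ([[32, false, false], [12, true, false], [256, false, true]] as $args) {
    $salt = csprng_salt(...$args);
    printf("%3d chars: %s\n", strlen($salt), $salt);
}
```

With 94 possible characters each position carries about 6.5 bits, so the default 32-character salt holds roughly 209 bits of randomness.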