Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers Complex Random Character Generator Function
Complex Random Character Generator Function
  • El Forum
    Guest
  •  
#1
04-26-2009, 10:21 PM

[eluser]Xeoncross[/eluser]
I have been cramming all I can over the last several days trying to max-out the security of my hashes. One of the things I started playing around with today is a user salt generator that I made that can return a ASCII, Numeric, or SHA256 hashed ASCII string of the length that you require. I plan on using this when creating a user salt for someone that registers on my site. This is much more secure than md5(mt_rand()).

Would anyone else be interested in this function? It is about as random as I could get it until PHP moves up a little more and the OpenSSL stuff comes into play.

Think of this function as rand() on steroids. ;-)

Code:
/**
* Create a random string of numbers or ascii chars the given size.
* Optionally, hash the result so that it is easier to store.
*
* @author            Xeoncross
* @license            MIT License http://www.opensource.org/licenses/mit-license.php
* @param int        the size of the random string
* @param boolean    return a number (instead of ascii)
* @param boolean    return a SHA256 hash of the ascci
* @return string
*/
function random_salt($size=32, $number=false, $hash=false) {
    
    //Get insanely random data
    $rand = mt_rand().microtime(true).uniqid('',true).join('',stat(__FILE__)).memory_get_usage().getmypid();
    
    //Remove everything that isn't a number
    $rand = preg_replace('/[^0-9]+/', '', $rand);

    //Randomly shuffle the string
    $rand = str_shuffle($rand);
    
    //Did they just want a long number?
    if($number) {
        return substr($rand, 0, $size);
    }
    
    $offset = 0;
    for($i=0;$i<$size;$i++) {
        
        //Random starting point
        $start = mt_rand(1,3);
        //1 to 3 digit number
        $length = mt_rand(1,3);
        //Add to the total offset
        $offset += $start;
        
        //If the offset is past the last char on the rand string - start over
        $offset = ($offset + $length) >= strlen($rand) ? $start : $offset;
        
        //Fetch this number
        $number = substr($rand, $offset, $length);
        
        //Force it to be larger than ascii 33
        while($number < 33) {
            $number += rand(1, 30);
        }
        
        //Force it to be smaller than ascci 255
        while($number > 255) {
            $number -= rand(10, 100);
        }
        
        //Get the ascii symbol for it
        $string .= chr($number);
    }
    
    //If the user wants us to hash it also
    if($hash) {
        return hash('sha256', $string);
    }
    
    return $string;
}

Using the function is really easy.
Code:
//32 ASCII 33-255 chars
print random_salt(32);
//12 numbers
print random_salt(12, TRUE);
//SHA256 Hash of 256 ASCII 33-255 chars
print random_salt(256, FALSE, TRUE);

Output:
Code:
"0;+.44'Y$ñçÚÅÿ"Þ'7ð"Ù*05)vWÇ+,'
570285811928
c40637b6a8113b5de1ae01581919668fa54403b6df07e9f0309f98a1f1f21450
  • El Forum
    Guest
  •  
#2
04-27-2009, 09:34 AM

[eluser]louis w[/eluser]
Thanks for sharing.




Theme © iAndrew 2016 - Forum software by © MyBB