Interview Questions Answers.ORG
Interviewer And Interviewee Guide
Copyright © 2018. All Rights Reserved
PHP Interview Question:
How to use cryptographic security in php?
Submitted by: Anita
If you need some pseudorandom bits for security or cryptographic purposes (e.g., random IV for block cipher, random salt for password hash), mt_rand() is a poor source. On most Unix/Linux and/or MS-Windows platforms you can get a better grade of pseudorandom bits from the OS or system library, like this:
<?php
// get 128 pseudorandom bits in a string of 16 bytes
$pr_bits = '';

// Unix/Linux platform?
$fp = @fopen('/dev/urandom', 'rb');
if ($fp !== FALSE) {
    $pr_bits .= @fread($fp, 16);
    @fclose($fp);
}

// MS-Windows platform?
if (@class_exists('COM')) {
    // http://msdn.microsoft.com/en-us/library/aa388176(VS.85).aspx
    try {
        $CAPI_Util = new COM('CAPICOM.Utilities.1');
        $pr_bits .= $CAPI_Util->GetRandom(16, 0);
        // if we ask for binary data PHP munges it, so we
        // request base64 return value. We squeeze out the
        // redundancy and useless ==CRLF by hashing...
        if ($pr_bits) { $pr_bits = md5($pr_bits, TRUE); }
    } catch (Exception $ex) {
        // echo 'Exception: ' . $ex->getMessage();
    }
}

if (strlen($pr_bits) < 16) {
    // do something to warn system owner that
    // pseudorandom generator is missing
}
?>
NB: it is generally safe to leave both the attempt to read /dev/urandom and the attempt to access CAPICOM in your code, though each will fail silently on the other's platform. Leave them both there so your code will be more portable.
Submitted by: Muhammad
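On PHP 7.0 and later, the same need (a random IV for a block cipher, a random salt for a password hash) is met by the built-in random_bytes(). The following is an added example, not part of the submitted answer; secure_bytes() is a hypothetical helper name, the openssl extension is assumed, and the key, plaintext and password are constructed sample values. It fails closed instead of continuing with fewer bytes than requested.

```php
<?php
// Added example. Assumes PHP 7.0+ (random_bytes) and the openssl extension.
// secure_bytes() is a hypothetical helper name, not a PHP built-in.

/**
 * Return exactly $n bytes from the operating system's CSPRNG, or throw.
 */
function secure_bytes(int $n): string
{
    if ($n < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }
    try {
        // random_bytes() is backed by the OS random source on every platform
        $bytes = random_bytes($n);
    } catch (Throwable $e) {
        // Fail closed: never fall back to mt_rand() or a hashed timestamp.
        throw new RuntimeException('no secure random source available', 0, $e);
    }
    if (strlen($bytes) !== $n) {
        throw new RuntimeException('short read from random source');
    }
    return $bytes;
}

// Random IV for a block cipher. CBC is unauthenticated and is used here
// only to show where the IV goes.
$cipher = 'aes-256-cbc';
$plain  = 'constructed sample plaintext';
$key    = secure_bytes(32);
$iv     = secure_bytes(openssl_cipher_iv_length($cipher));
$ct     = openssl_encrypt($plain, $cipher, $key, OPENSSL_RAW_DATA, $iv);
$pt     = openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $iv);

// Random salt for a password hash: password_hash() draws its own salt
// from the CSPRNG and stores it inside the returned hash string.
$hash = password_hash('constructed-sample-password', PASSWORD_DEFAULT);

printf("iv            : %s\n", bin2hex($iv));
printf("round trip ok : %s\n", $pt === $plain ? 'yes' : 'no');
printf("password ok   : %s\n",
    password_verify('constructed-sample-password', $hash) ? 'yes' : 'no');
```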
Copyright 2007-2024 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.