Beispiel #1
0
 /**
  * Build a new instance
  *
  * @param Generator $generator  The random generator to use for seeds
  * @param Factory   $factory    The hash factory to use for this instance
  *
  * @return void
  */
 public function __construct(\PasswordLib\Random\Generator $generator = null)
 {
     if (is_null($generator)) {
         $random = new RandomFactory();
         $generator = $random->getMediumStrengthGenerator();
     }
     $this->generator = $generator;
 }
Beispiel #2
0
 /**
  * Build a new instance
  *
  * @param array     $options    An array of options for the password isntance
  * @param Generator $generator  The random generator to use for seeds
  *
  * @return void
  */
 public function __construct(array $options = array(), \PasswordLib\Random\Generator $generator = null)
 {
     $this->setOptions($this->defaultOptions);
     $this->setOptions($options);
     if (is_null($generator)) {
         $random = new RandomFactory();
         $generator = $random->getMediumStrengthGenerator();
     }
     $this->generator = $generator;
 }
Beispiel #3
0
 /**
  * Build a new instance
  *
  * @param int       $iterations The number of times to iterate the hash
  * @param Generator $generator  The random generator to use for seeds
  *
  * @return void
  */
 public function __construct($iterations = 8, \PasswordLib\Random\Generator $generator = null)
 {
     if ($iterations > 31 || $iterations < 4) {
         throw new \InvalidArgumentException('Invalid Iteration Count Supplied');
     }
     $this->iterations = $iterations;
     if (is_null($generator)) {
         $random = new RandomFactory();
         $generator = $random->getMediumStrengthGenerator();
     }
     $this->generator = $generator;
 }
 /**
  * @covers PasswordLib\Random\Factory::getMediumStrengthGenerator
  * @covers PasswordLib\Random\Factory::getGenerator
  * @covers PasswordLib\Random\Factory::findMixer
  */
 public function testGetMediumStrengthGenerator()
 {
     $factory = new Factory();
     $generator = $factory->getMediumStrengthGenerator();
     $this->assertTrue($generator instanceof PasswordLib\Random\Generator);
     $mixer = call_user_func(array(get_class($generator->getMixer()), 'getStrength'));
     $this->assertTrue($mixer->compare(new Strength(Strength::MEDIUM)) <= 0);
     foreach ($generator->getSources() as $source) {
         $strength = call_user_func(array(get_class($source), 'getStrength'));
         $this->assertTrue($strength->compare(new Strength(Strength::MEDIUM)) >= 0);
     }
 }
Beispiel #5
0
 /**
  * Build a new instance of the PBKDF password class
  *
  * @param PBKDF     $derivation The derivation class to use
  * @param int       $size       The size of hash to generate
  * @param int       $iterations The number of iterations to perform
  * @param Generator $generator  The Random Generator to use
  *
  * @return void;
  */
 public function __construct(\PasswordLib\Key\Derivation\PBKDF $derivation = null, $size = 40, $iterations = 5000, \PasswordLib\Random\Generator $generator = null)
 {
     if (is_null($derivation)) {
         $derivation = new PBKDF2();
     }
     $this->derivation = $derivation;
     $this->size = $size < 40 ? 40 : (int) $size;
     $this->iterations = $iterations > 0 ? (int) $iterations : 1;
     if (is_null($generator)) {
         $factory = new RandomFactory();
         $generator = $factory->getMediumStrengthGenerator();
     }
     $this->generator = $generator;
 }
Beispiel #6
0
 /**
  * Shuffle an array.  This will preserve key => value relationships, and return
  * a new array that has been randomized in order.
  *
  * To get keys randomized, simply pass the result through array_values()...
  *
  * @param array $array The input array to randomize
  *
  * @return array The suffled array
  */
 public function shuffleArray(array $array)
 {
     $factory = new RandomFactory();
     $generator = $factory->getMediumStrengthGenerator();
     $result = array();
     $values = array_values($array);
     $keys = array_keys($array);
     $max = count($array);
     for ($i = $max - 1; $i >= 0; $i--) {
         $int = $generator->generateInt(0, $i);
         $result[$keys[$int]] = $values[$int];
         unset($keys[$int], $values[$int]);
         $keys = array_values($keys);
         $values = array_values($values);
     }
     return $result;
 }
 /**
  * Perform a constant time comparison between two hash strings
  * 
  * This is done to prevent remote timing attacks from giving an attacker
  * information about the hash remotely.  This provides a constant runtime
  * equality check between two strings of the same length. This should be used
  * any time sensitive information is compared, as === can leak information
  * about the position of the difference to an attacker.
  *
  * Additionally, for added protection we're hashing each hash again with the 
  * same random key, to further protect against any form of timing attacks if
  * the two hashes are of different length
  *
  * @param string $hash1 The first hash to compare
  * @param string $hash2 The second hash to compare
  * 
  * @see http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
  * @see http://rdist.root.org/2010/01/07/timing-independent-array-comparison/
  * @return boolean True if the strings are identical
  */
 protected function compareStrings($hash1, $hash2)
 {
     if (!$this->generator) {
         $random = new RandomFactory();
         $this->setGenerator($random->getMediumStrengthGenerator());
     }
     $key = $this->generator->generate(1024);
     $hash1 = hash_hmac('sha512', $hash1, $key, true);
     $hash2 = hash_hmac('sha512', $hash2, $key, true);
     $len = strlen($hash1);
     $result = 0;
     for ($i = 0; $i < $len; $i++) {
         $result |= ord($hash1[$i]) ^ ord($hash2[$i]);
     }
     return $result === 0;
 }