/** * Create initialization vector. * * This vector is considered to be recreatable the very same way resulting * in the same vector, though hardly depending on current user's session to * be less predictable by attackers gathering access on ciphers. * * @return string initialization vector to use */ protected static function getIV() { return blowfish::get($_SERVER['REMOTE_ADDR'] . $_COOKIE['_txf'] . $_SERVER['HTTP_USER_AGENT'], $_SERVER['HTTP_HOST']) . blowfish::get($_SERVER['HTTP_HOST'] . $_COOKIE['_txf'] . $_SERVER['HTTP_USER_AGENT'], $_SERVER['REMOTE_ADDR']); }
/** * Retrieves hash on an object descriptor and its related secret information * to be valid at date of timestamp. * * @param string $object some public object hash is to be used for (e.g. a user's name) * @param string $secret some internal-only information related to that object (e.g. the user's internal ID or similar) * @param int $timestamp timestamp of day generated hash is considered valid on * @return string hash on object and its related secret valid for day of given timestamp */ protected static function _get($object, $secret, $timestamp) { $salt = blowfish::get($object, 'cePharUm-S3cr3t-54lT' . static::_date($timestamp), true); $hash = substr(preg_replace('#[/+=]#', '', blowfish::get($secret, $salt)), 12, 16); return $hash; }