function __construct($callback = null, $ttl = -1) { //Maximum entropy, minimum data $this->id = \Radical\Basic\String\Random::GenerateBase64(6) . dechex(crc32(session_id() . time())); $len = strlen($this->id) - rand(0, 4); $this->id = substr($this->id, 0, $len); $this->key = \Radical\Basic\String\Random::GenerateBytes(32); $this->callback = $callback; if ($ttl > 0) { $this->expires = $ttl + time(); } KeyStorage::AddKey($this); }
/** * Generates a Blowfish salt for use in `lithium\security\Password::hash()`. _Note_: Does not * use the `'encode'` option of `String::random()` because it could result in 2 bits less of * entropy depending on the last character. * * @param integer $count The base-2 logarithm of the iteration count. * Defaults to `10`. Can be `4` to `31`. * @return string The Blowfish salt. */ protected static function _genSaltBf($count = 10) { $count = (int) $count; $count = $count < 4 || $count > 31 ? 10 : $count; $base64 = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; $i = 0; $input = String\Random::GenerateBytes(16); $output = ''; do { $c1 = ord($input[$i++]); $output .= $base64[$c1 >> 2]; $c1 = ($c1 & 0x3) << 4; if ($i >= 16) { $output .= $base64[$c1]; break; } $c2 = ord($input[$i++]); $c1 |= $c2 >> 4; $output .= $base64[$c1]; $c1 = ($c2 & 0xf) << 2; $c2 = ord($input[$i++]); $c1 |= $c2 >> 6; $output .= $base64[$c1]; $output .= $base64[$c2 & 0x3f]; } while (1); return '$2a$' . chr(ord('0') + $count / 10) . chr(ord('0') + $count % 10) . '$' . $output; }