php-windows Digest 24 Jul 2011 15:37:29 -0000 Issue 3963
Topics (messages 30676 through 30678):
Re: CSPRNG under windows.
30676 by: Pierre Joye
30677 by: Richard Quadling
Three new versions of EasyPHP (WAMP package) with PHP 5.3.6, 5.3.7 RC3 and
5.4.0 alpha2
30678 by: Laurent Abbal
Administrivia:
To subscribe to the digest, e-mail:
php-windows-digest-subscr...@lists.php.net
To unsubscribe from the digest, e-mail:
php-windows-digest-unsubscr...@lists.php.net
To post to the list, e-mail:
php-wind...@lists.php.net
----------------------------------------------------------------------
--- Begin Message ---
hi,
I did not try to access it using COM, but if the scprng you want is
the default provider, you can simply call openssl_random_pseudo_bytes
which uses the same API that what you are trying to call (php
5.3.7RC+).
Cheers,
On Wed, Jul 20, 2011 at 5:49 AM, cythrawll <cythra...@codeangel.org> wrote:
> Hello PHP,
>
> I have plans on creating security framework for PHP websites, I would love
> to support windows but I am having trouble getting access to any sort of
> CSPRNG in windows, this is a bit of a problem....
>
> mcrypt supposedly will help with this, but I am having trouble finding
> easily accessible binaries that I could even dream of using it as a
> reasonable requirement for a framework.
>
> openssl_random_pseudo_bytes I hear has lots of entropy issues on windows...
> so it's not appropriate to use that either...
>
> I tried accessing the .NET csprng through DOTNET in PHP....
>
> $rand = new DOTNET('mscorlib',
> 'System.Security.Cryptography.RNGCryptoServiceProvider');
>
> $rand->GetBytes('somethinggoeshere');
>
> docs are here:
> http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx
>
> for some reason, no matter what I try to pass to GetBytes, won't work
> (throws wrong type exceptions), tried arrays, strings, various VARIANT
> objects... nothing seems to make it happy.
>
> So I am wondering, is there no easy way to get to a suitable CSPRNG in
> windows? If there is none am I the only one who sees a big problem with
> that?
>
> Love,
>
> Chad Minick
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
--- End Message ---
--- Begin Message ---
On 20 July 2011 04:49, cythrawll <cythra...@codeangel.org> wrote:
> Hello PHP,
>
> I have plans on creating security framework for PHP websites, I would love
> to support windows but I am having trouble getting access to any sort of
> CSPRNG in windows, this is a bit of a problem....
>
> mcrypt supposedly will help with this, but I am having trouble finding
> easily accessible binaries that I could even dream of using it as a
> reasonable requirement for a framework.
>
> openssl_random_pseudo_bytes I hear has lots of entropy issues on windows...
> so it's not appropriate to use that either...
>
> I tried accessing the .NET csprng through DOTNET in PHP....
>
> $rand = new DOTNET('mscorlib',
> 'System.Security.Cryptography.RNGCryptoServiceProvider');
>
> $rand->GetBytes('somethinggoeshere');
>
> docs are here:
> http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx
>
> for some reason, no matter what I try to pass to GetBytes, won't work
> (throws wrong type exceptions), tried arrays, strings, various VARIANT
> objects... nothing seems to make it happy.
>
> So I am wondering, is there no easy way to get to a suitable CSPRNG in
> windows? If there is none am I the only one who sees a big problem with
> that?
>
> Love,
>
> Chad Minick
You need to pass an array of System.Byte (VT_UI1). System.Byte is a
structure (http://msdn.microsoft.com/en-us/library/system.byte.aspx).
>From what I've read online, a PHP array() will be correctly converted
to an .NET array. So, ...
<?php
$o_RNG = new DOTNET('mscorlib',
'System.Security.Cryptography.RNGCryptoServiceProvider');
$a_Bytes = array();
foreach(range(1, 10) as $i_Element) {
// VT_UI1 = a byte, but may not be a System.Byte
// which is a structure and not an object and I don't know
// if DOTNET/COM/VARIANT support these .NET structures.
$a_Bytes[] = new VARIANT(VT_EMPTY, VT_UI1);
}
var_dump($o_RNG->GetBytes($a_Bytes));
var_dump($a_Bytes);
?>
should work, but doesn't.
Fatal error: Uncaught exception 'com_exception' with message
'Parameter 0: Type mismatch.
' in Z:\rand.php:10
Stack trace:
#0 Z:\rand.php(10): dotnet->GetBytes(Array)
#1 {main}
thrown in Z:\rand.php on line 10
In reading
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx,
I see there is a GetType() method. So, thought I'd give that a go by
using ...
echo $o_RNG->GetType();
This results in an error also ...
Warning: Unknown: variant->zval: conversion from 0xd ret=-1 in
Z:\rand.php on line 10
So I'm pretty much guessing that the DOTNET route isn't going to work
any time soon.
--
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
--- End Message ---
--- Begin Message ---
Those versions are important ones. For the first time, you can configure
Apache (httpd.conf) and PHP (php.ini) directly from the administration page.
Thus, you can adapt easily the environment to your needs.
Screenshots : www.easyphp.org/screenshots.php
EasyPHP is 11 years old now. It exists since 2000 (we were dealing with
PHP/Fi, PHP2 at this time). This is the first WAMP package ever created.
EasyPHP can be installed anywhere : hard drive, USB drive...
You can also install modules (WordPress, Drupal, Joomla!, Prestashop,
Spip...). That means that you can install a version of WordPress, Spip,
Prestashop, Drupal... and test it immediately. It's pre-configured. Perfect
if you want to discover the last version of an application.
Through the administration you can easily list the docroot, extensions,
change the Apache port, the timezone, max execution time, error reporting,
upload max filesize, add/remove alias, manage modules...
Website : www.easyphp.org
Facebook page : www.facebook.com/easywamp
Twitter : www.twitter.com/easyphp
Sourceforge : www.sourceforge.net/projects/quickeasyphp/
--- End Message ---
