Revisions to Random String Generator using OpenSSL in PHP

replaced http://security.stackexchange.com/ with https://security.stackexchange.com/

Source Link

edited Mar 17, 2017 at 13:14

1

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

removed edit notice.

Source Link

edited Aug 5, 2014 at 11:16

Vogel612

25.5k
7
59
141

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

// edit:

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

// edit:

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.
false TRUE: use case uniformly. either false and true or FALSE TRUE
$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)
it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

added 462 characters in body

Source Link

edited Aug 5, 2014 at 10:46

tim

25.3k
3
31
76

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

// edit:

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.

false TRUE: use case uniformly. either false and true or FALSE TRUE

$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)

it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

The documentation says that crypto_strong is set depending on the algorithm used. So it will never go from false to true, so yes, this might result in an infinite loop.

Use it instead to see if you should trust the result. If it is true, the string should be secure.

(you should also never design your own crypto algorithms for anything other than academic interest)

// edit:

because this is codereview, I also have a couple of notes regarding your code:

Why do you divide the length by 2? Seems unnecessary. If it does have a purpose, comment on it.

false TRUE: use case uniformly. either false and true or FALSE TRUE

$hex = bin2hex($bytes); return $hex; just make this one line: return bin2hex($bytes)

it is convention to use camelCase for variables, so Length should be length and the function name generateRandomString

Source Link

answered Aug 5, 2014 at 10:39

tim

25.3k
3
31
76

Loading

Stack Exchange Network

Return to Answer