Here is a high-level description of how this library works. Any discrepancy between this documentation and the actual implementation will be considered a security bug.
Let's start with the following definitions:
- HKDF-SHA256(k, n, info, s) is the key derivation function specified in RFC 5869 (using the SHA256 hash function). The parameters are:
  - k: The initial keying material.
  - n: The number of output bytes.
  - info: The info string.
  - s: The salt.
- AES-256-CTR(m, k, iv) is AES-256 encryption in CTR mode. The parameters are:
  - m: An arbitrary-length (possibly zero-length) message.
  - k: A 32-byte key.
  - iv: A 16-byte initialization vector (nonce).
- PBKDF2-SHA256(p, s, i, n) is the password-based key derivation function defined in RFC 2898 (using the SHA256 hash function). The parameters are:
  - p: The password string.
  - s: The salt string.
  - i: The iteration count.
  - n: The output length in bytes.
- VERSION is the string "\xDE\xF5\x02\x00".
- AUTHINFO is the string 'DefusePHP|V2|KeyForAuthentication'.
- ENCRINFO is the string 'DefusePHP|V2|KeyForEncryption'.
To encrypt a message m using a 32-byte key k, the following steps are taken:
1. Generate a random 32-byte string salt.
2. Derive the 32-byte authentication key akey = HKDF-SHA256(k, 32, AUTHINFO, salt).
3. Derive the 32-byte encryption key ekey = HKDF-SHA256(k, 32, ENCRINFO, salt).
4. Generate a random 16-byte initialization vector iv.
5. Compute c = AES-256-CTR(m, ekey, iv).
6. Combine ctxt = VERSION || salt || iv || c.
7. Compute h = HMAC-SHA256(ctxt, akey).
8. Output ctxt || h.
Decryption is roughly the reverse process (see the code for details, since the security of the decryption routine is highly implementation-dependent).
For encryption using a password p, steps 1-3 above are replaced by:
1. Generate a random 32-byte string salt.
2. Compute k = PBKDF2-SHA256(SHA256(p), salt, 100000, 32).
3. Derive the 32-byte authentication key akey = HKDF-SHA256(k, 32, AUTHINFO, salt).
4. Derive the 32-byte encryption key ekey = HKDF-SHA256(k, 32, ENCRINFO, salt).
The remainder of the process is the same. Notice the reuse of the same salt for PBKDF2-SHA256 and HKDF-SHA256. The prehashing of the password in step 2 is done to prevent a DoS attack using long passwords.
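The eight encryption steps and the password variant, written out with PHP built-ins as an added example; this is not the library's own code. The function names are hypothetical, and the raw (binary) SHA256 prehash and the decryption order shown in openWithKey are assumptions.

```php
<?php
// Added illustration of the format described above; not the library's own code.
// Function names are hypothetical. Requires PHP >= 7.1.2 with ext-openssl.
const VERSION  = "\xDE\xF5\x02\x00";
const AUTHINFO = 'DefusePHP|V2|KeyForAuthentication';
const ENCRINFO = 'DefusePHP|V2|KeyForEncryption';

// Key-based steps 2-8, given the 32-byte key k and the 32-byte salt.
function seal(string $m, string $k, string $salt): string
{
    $akey = hash_hkdf('sha256', $k, 32, AUTHINFO, $salt);
    $ekey = hash_hkdf('sha256', $k, 32, ENCRINFO, $salt);
    $iv   = random_bytes(16);
    $c    = openssl_encrypt($m, 'aes-256-ctr', $ekey, OPENSSL_RAW_DATA, $iv);
    $ctxt = VERSION . $salt . $iv . $c;
    return $ctxt . hash_hmac('sha256', $ctxt, $akey, true);   // ctxt || h
}

function encryptWithKey(string $m, string $k): string
{
    return seal($m, $k, random_bytes(32));
}

// Password variant; assumption: SHA256(p) is the raw 32-byte digest.
function encryptWithPassword(string $m, string $p): string
{
    $salt = random_bytes(32);
    $k = hash_pbkdf2('sha256', hash('sha256', $p, true), $salt, 100000, 32, true);
    return seal($m, $k, $salt);   // same salt feeds PBKDF2 and HKDF
}

// Assumed reverse: check length and version, verify h in constant time, then decrypt.
function openWithKey(string $blob, string $k): string
{
    if (strlen($blob) < 84 || substr($blob, 0, 4) !== VERSION) {   // 4+32+16+32
        throw new RuntimeException('malformed ciphertext');
    }
    [$ctxt, $h] = [substr($blob, 0, -32), substr($blob, -32)];
    [$salt, $iv, $c] = [substr($ctxt, 4, 32), substr($ctxt, 36, 16), substr($ctxt, 52)];
    $akey = hash_hkdf('sha256', $k, 32, AUTHINFO, $salt);
    if (!hash_equals(hash_hmac('sha256', $ctxt, $akey, true), $h)) {
        throw new RuntimeException('authentication failed');
    }
    $ekey = hash_hkdf('sha256', $k, 32, ENCRINFO, $salt);
    return openssl_decrypt($c, 'aes-256-ctr', $ekey, OPENSSL_RAW_DATA, $iv);
}

$k = random_bytes(32);
var_dump(openWithKey(encryptWithKey('hello', $k), $k) === 'hello');
```

The MAC covers VERSION, salt and iv as well as c, so a change to any header byte fails the hash_equals check before AES is ever invoked.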
For KeyProtectedByPassword, the serialized key is encrypted according to the password encryption defined above. However, the actual password used for encryption is the SHA256 hash of the password the user provided. This is done in order to provide domain separation between the message encryption in the user's application and the internal key encryption done by this library. It fixes a key replacement chosen-protocol attack.
PHP provides the popular md5() hash function out of the box, which returns a 32-character hex string. It’s a great way to generate a fingerprint for any arbitrary-length string. But what if you need to generate an integer fingerprint out of a URL?
Challenge
We faced that challenge in RatingWidget when we had to bind our rating widgets to unique Int64 IDs based on the page of the website they are loaded from. Theoretically we could just store the URLs and query the URL column, but URLs can be very long, and creating an index for a text column of unknown length is very inefficient.
So if you are working on any kind of dynamic widget development that should load different data based on the URL it’s loaded from, this post will save you tonnes of time.
To simplify the problem, let’s divide it into two sub-challenges:
- URL Canonization
- String to unique Int64 conversion
URL Canonization
In our case, we wanted to assign a unique Int64 for a page, not for a URL. For instance, http://domain.com?x=1&y=2 and http://domain.com?y=2&x=1 are different URLs but in fact both of them will load the exact same page. Therefore, we wanted to assign them an identical Int64 ID. Thus, by canonizing the URLs before mapping them to Int64, we can convert the URLs to a uniform representation.
Basically what this code does is reorder the query string parameters in lexicographical order and slightly tweak the URL encoding based on the RFC 3986 URI syntax standard, to compensate for URL-encoding inconsistencies between different browsers and servers.
Notes:
- In our case canonizeUrl, the canonization function, gets rid of the protocol. So https://domain.com and http://domain.com are both canonized to domain.com because we wanted to show the same rating widget on HTTP and HTTPS equivalent pages.
- As you can notice, we also ignore everything after the hash mark (the fragment). Therefore, if you would like to generate unique IDs for different SPA (Single Page Application) states like http://my-spa.com/#state1 and http://my-spa.com/#state2, the URL canonization function has to be modified to support that.
Converting String to unique Int64 ID for MySQL BIGINT Indexed Column
After fooling around with various bit conversion functions like bindec(), decbin() and base_convert(), we found out that 64-bit integers and PHP do not play well together. None of the mentioned functions consistently supports 64 bit. After digging around on Google, we were led to a post about 32-bit limitations in PHP, which included the suggestion to use GMP, a really cool library for multiple-precision integers. Using this library, we managed to create this one-line hash function that generates a 64-bit integer out of an arbitrary-length string.
Post factum, we could have implemented the CRC64 algorithm which generates a string checksum and should perform faster than MD5. But the advantage of the technique we’ve used over CRC is that we’ve created a one-way-hash function, so we can reuse it for various cryptography purposes in the code.
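An added example (not the post's original listing) of the two steps described above: query parameters sorted, scheme and fragment dropped, then the first 64 bits of the MD5 digest rendered as a decimal string with GMP. The function names canonizeUrl and get64BitHash come from the post; their bodies, the lowercased host and the re-encoding with rawurlencode() are assumptions.

```php
<?php
// Added illustration; function bodies are assumptions. Requires ext-gmp.

function canonizeUrl(string $url): string
{
    $p = parse_url(trim($url));
    if ($p === false || empty($p['host'])) {
        throw new InvalidArgumentException('absolute URL with a host is required');
    }
    // Scheme and fragment are never copied into the output.
    $out = strtolower($p['host']) . (isset($p['port']) ? ':' . $p['port'] : '');
    $out .= $p['path'] ?? '';
    $pairs = [];
    foreach (explode('&', $p['query'] ?? '') as $pair) {
        if ($pair === '') {
            continue;
        }
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        // Decode, then re-encode per RFC 3986 so "+" and "%20", "%7E" and "~" agree.
        $pairs[] = rawurlencode(urldecode($key)) . '=' . rawurlencode(urldecode($value));
    }
    sort($pairs, SORT_STRING);
    return $out . ($pairs ? '?' . implode('&', $pairs) : '');
}

function get64BitHash(string $str): string
{
    // First 16 hex digits of MD5 = 64 bits, printed in base 10.
    return gmp_strval(gmp_init(substr(md5($str), 0, 16), 16), 10);
}

// Constructed sample URLs: all three canonize to the same string and ID.
$urls = ['http://domain.com?x=1&y=2', 'https://domain.com?y=2&x=1#top', 'http://DOMAIN.com?y=2&x=1'];
foreach ($urls as $u) {
    printf("%s -> %s -> %s\n", $u, canonizeUrl($u), get64BitHash(canonizeUrl($u)));
}
```

The result is an unsigned 64-bit value, so the column needs to be BIGINT UNSIGNED; with only 64 bits of output, collisions become likely near 2^32 distinct inputs.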
To find out more about GMP, see here.
Grand Finale
Combining the URL canonization with the String to Int64 mapping, the final solution looks like this:
Collision and Performance Test of get64BitHash
Platform: Intel i3, Windows 7 64 bit, PHP 5.3
Iterations: get64BitHash generated 10,000,000 times
Elapsed Time: 460 milliseconds for every 100,000 generations
Collision: Not found
Summary
I hope this straightforward solution will save you time on your next project. If you have comments or any additional use-cases where this technique can be applied, please feel free to comment below.