> Does anyone know a good way to generate /good/ keys for algorithms used
with
> mcrypt? I know openssl has key generation scripts, and it seems a little
> inane that mcrypt doesn't provide key generation functions. After all,
> encryption algorithms are not secure without sufficiently random and
> well-chosen keys.
>
> I surely /must/ be missing something! Please let me know.
>
> Dean Hall.
I'm sure there are "better" ways, but for what it's worth, here is what I
use to generate a good random key:
mt_srand((double)microtime()*1000000);
$rsess = uniqid(mt_rand());
$ksess = mhash(MHASH_SHA1, $rsess);
I think the basic code here originated somewhere in the annotated PHP
manual. Depending on the algorithm you use, different key lengths will be
appropriate, so just trim this to the required length. Note that this
requires MHash as well as MCrypt, but you could substitute the built in MD5
function for SHA1.
Hope this helps,
Joe
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
