From 2a331f74031258276095279a2f962945997d4fc9 Mon Sep 17 00:00:00 2001 From: Stephen Paul Weber Date: Sat, 26 Jan 2013 17:14:38 -0500 Subject: [PATCH] better random string --- lib/openpgp_crypt_aes_tripledes.php | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/lib/openpgp_crypt_aes_tripledes.php b/lib/openpgp_crypt_aes_tripledes.php index 46d5985..c889d7e 100644 --- a/lib/openpgp_crypt_aes_tripledes.php +++ b/lib/openpgp_crypt_aes_tripledes.php @@ -9,10 +9,10 @@ require_once 'Crypt/Random.php'; class OpenPGP_Crypt_AES_TripleDES { public static function encrypt($passphrases_and_keys, $message, $symmetric_algorithm=9) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($symmetric_algorithm); - $prefix = self::randomBytes($key_block_bytes); + $prefix = crypt_random_string($key_block_bytes); $prefix .= substr($prefix, -2); - $key = self::randomBytes($key_bytes); + $key = crypt_random_string($key_bytes); $cipher->setKey($key); $to_encrypt = $prefix . $message->to_bytes(); @@ -34,7 +34,7 @@ class OpenPGP_Crypt_AES_TripleDES { $esk = pack('n', OpenPGP::bitlength($esk)) . $esk; array_unshift($encrypted, new OpenPGP_AsymmetricSessionKeyPacket($pass->algorithm, $pass->fingerprint(), $esk)); } else if(is_string($pass)) { - $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); + $s2k = new OpenPGP_S2K(crypt_random_string(10)); $cipher->setKey($s2k->make_key($pass, $key_bytes)); $esk = $cipher->encrypt(chr($symmetric_algorithm) . $key); array_unshift($encrypted, new OpenPGP_SymmetricSessionKeyPacket($s2k, $esk, $symmetric_algorithm)); @@ -176,15 +176,6 @@ class OpenPGP_Crypt_AES_TripleDES { throw new Exception("Can only decrypt EncryptedDataPacket"); } - public static function randomBytes($n) { - $key = ''; - for($i = 0; $i < $n; $i++) { - $key .= crypt_random(); - } - $s2k = new OpenPGP_S2K(crypt_random() . crypt_random() . crypt_random()); - return $s2k->make_key($key, $n); - } - public static function checksum($s) { $mkChk = 0; for($i = 0; $i < strlen($s); $i++) {