Does it provide security: the encrypted encrypted result depends on the server?

Question

Does it provide security: the encrypted encrypted result depends on the server?

I work in a cakephp application where I use the Security :: cipher to encrypt some data. It works fine, but I moved the files and DB to another server, and now the encrypted result is different. I tried a few simple lines:

$security = new Security;
$code = $security->cipher('1234', Configure::read('Security.cipherSeed'));

When I print $ code, the value on both servers is different. I configured the same Security.cipherSeed file in both core.php files. Is the Security :: cipher function using some server value for encryption?

Thank.

+3

security php cakephp encryption platform-independent

Min Feb 10 '11 at 12:31

source share

1 answer

ircmaxell · Accepted Answer · 2011-02-10T13:53:37+0000

Well, looking at this error , this seems to be the problem.

, :

srand(Configure::read('Security.cipherSeed'));

, ? rand() . , . , , PHP rand(), php_rand:

PHPAPI long php_rand(TSRMLS_D)
{
    long ret;

    if (!BG(rand_is_seeded)) {
            php_srand(GENERATE_SEED() TSRMLS_CC);
    }

, , ( suhosin, reseed , , ).

#ifdef ZTS
    ret = php_rand_r(&BG(rand_seed));
#else
# if defined(HAVE_RANDOM)
    ret = random();
# elif defined(HAVE_LRAND48)
    ret = lrand48();
# else
    ret = rand();
# endif
#endif

, , ? 4 (rand(), random(), lrand48() php_rand_r)! .

, MCrypt GPG.

: .

Does it provide security: the encrypted encrypted result depends on the server?

More articles: