What makes openssl_random_pseudo_bytes "cryptographically secure"?

I was always told that I should use openssl_random_pseudo_bytes when providing the salt with the password.

But what I really would like to know is what makes it cryptographically secure. What is the internal difference between rand, mt_rand and openssl_random_pseudo_bytes?

Thanks in advance.

1 answer

In brief differences:

  • rand uses the libc random number generator (source), which is system dependent and usually not cryptographically secure
  • mt_rand uses a well-known algorithm, the Mersenne Twister, hence the name; it is a fast algorithm that creates well-distributed, but not cryptographically secure, random numbers.
  • openssl_random_pseudo_bytes directly calls the OpenSSL system for cryptographically secure random numbers (but see the warning in the full description)

Properties are also summarized in a table (image not reproduced in this copy).

rand

For rand, it is stated under mt_rand:

Many older libcs' random number generators have dubious or unknown characteristics and are slow.

So, for rand you need to take a look at your libc to find out which generator is actually used. The Mersenne Twister website states that it should currently have comparable speed, but the characteristics are system dependent. It does not indicate how it is seeded, which means you can use it for a game or the like, but not for much else.

mt_rand

The Mersenne Twister is a well-known algorithm that produces fairly well-distributed random numbers. It has a very long period, which means it takes a long time before a previous state recurs (when that happens it stays in a cycle, and the size of that cycle is called the period). MT is not secure because its state can be recovered with enough data. This means that if you first generate a key and then use the algorithm for something else, an attacker can recreate the key given enough output. In addition, it is seeded with an unprotected value such as the system time.

openssl_random_pseudo_bytes

The OpenSSL random number generator is usually cryptographically secure (see the note below); this means that it is impossible to recalculate the internal state given the output of the generator.

The OpenSSL pseudo random number generator is built using a hash function, currently MD5, which must still be secure for generating random numbers. It is well distributed and, like the MT algorithm, has a high period. OpenSSL rand is much slower than MT, but it should still achieve pretty good speed.

This has an advantage over OS random number generators in that it does not need additional threads or system calls. OpenSSL uses the operating system random number generator (+ other possible sources) to create the seed. OS random generators are usually the best possible random number generators, since the OS has access to entropy sources that are not directly accessible to libraries and applications.

Warning : The OpenSSL Wiki states that:

RAND_pseudo_bytes returns pseudo-random bytes, which can be cryptographically strong. The function returns 1 if the bytes are cryptographically strong, and 0 otherwise. If your application has high integrity requirements, it should not use RAND_pseudo_bytes .

This is reflected in the PHP function:

If passed into the function, this will hold a boolean that determines whether the algorithm used was "cryptographically strong", e.g. safe for use with GPG, passwords, etc. TRUE if it is, otherwise FALSE.

This means that it can still be unsafe, for example for long-term keys.

Warning #2: Additional information indicates that the OpenSSL PRNG is not always secure regardless of the return value. Therefore, extra care should be taken before choosing OpenSSL.

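As an added example (not part of the question or the answer above), the following PHP shows how the answer's advice is applied in practice: honour the crypto_strong flag that openssl_random_pseudo_bytes sets by reference, and refuse to use the bytes when it is FALSE, alongside a demonstration of why a mt_rand-based salt is reproducible from its seed. The function names generateSalt and mtSalt and the seed value are assumptions chosen for the example.

```php
<?php
// Added example, not from the original page.
// Generates a password salt with openssl_random_pseudo_bytes and only
// accepts it when OpenSSL reports the bytes as cryptographically strong.

function generateSalt(int $length = 16): string
{
    $cryptoStrong = false;
    $bytes = openssl_random_pseudo_bytes($length, $cryptoStrong);

    // $cryptoStrong is filled in by reference. FALSE means the OpenSSL PRNG
    // could not guarantee strength, so the bytes must not be used as a salt.
    if ($bytes === false || $cryptoStrong !== true) {
        throw new RuntimeException(
            'OpenSSL did not return cryptographically strong bytes'
        );
    }
    return $bytes;
}

// Contrast: mt_rand is a deterministic function of its seed. Reseeding with
// the same value (for example a guessable timestamp) reproduces the same
// "random" salt, which is why the answer says MT is not suitable here.
function mtSalt(int $seed, int $length = 16): string
{
    mt_srand($seed);
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= chr(mt_rand(0, 255));
    }
    return $out;
}

$seed = 1700000000;                 // constructed, stands in for time()
$a = mtSalt($seed);
$b = mtSalt($seed);
var_dump($a === $b);                // bool(true): fully predictable from the seed

$salt = generateSalt();
echo bin2hex($salt), PHP_EOL;       // 32 hex chars, different on every run
```

Store the salt alongside the password hash as usual; the point of the check is that a FALSE crypto_strong flag is a hard failure, not something to log and continue past.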

Source: https://habr.com/ru/post/979578/
