Rahul Chaudhary at 13:49, 25 July 2013

2013-07-25T13:49:59Z

Rahul Chaudhary: Created page with "

Introduction

Time: This library is a wrapper library for PHPs own "time()" function. With the use of this library, our aim was to isolate our system ..."
2013-07-25T12:55:33Z

Created page with "<h4>Introduction</h4> <ul> <li> <b>Time: </b>This library is a wrapper library for PHPs own "time()" function. With the use of this library, our aim was to isolate our system ..."

New page
<h4>Introduction</h4>
<ul>
<li>
<b>Time: </b>This library is a wrapper library for PHPs own "time()" function. With the use of this library, our aim was to isolate our system with the "system clock" which is used by the PHP's "time()" function. A separate wrapper for time lets us move time forward (future) or backwards (past) without changing the actual system time. This central library can be reset-ed to a different time and that time would be reflected in all of the application, without having to change any other component in the system or application.
</li>
<li>
<b>Random: </b>This library is the central library to generate random numbers and strings for the whole application. Using this library we can generate cryptographically random strings of any length. This function also produces random integers.
<BR><BR>
<h4>Need for Time and Randomness Library</h4>
With time, developers often feel the need to change the system time - maybe for testing purpose or for different time-zones. Whatever is the case, developers find a hard time using normal PHP's "time()" function. To change time to some other time, they have to change system time, which is not only insecure, but will also affect many functions inside the host operating systems which heavily depend on time, such as Cron jobs and time-triggered events. This also is not recommended on main servers as this can corrupt other authentication servers such as "Kerberos". Also it may give an attacker a window to launch some attacks to time-dependent functions. Thus, for all the reasons stated above, we strongly felt the need to generate a wrapper for the time, so that change of time within an application can be isolated and controlled. With this we mean that change in time in one application must not affect any other application or system outside the scope of the application.
<BR>
Similarly the need of randomness is crucial in an application. With random strings being so important in a secure application and because not having a separate function in PHP's library for generating a cryptographically secure random string of desired length, we decided to create a separate central library that can provide random strings of desired length. With this library the developers can create secure strings of desired length and can also generate a random integer within a desired range.

@@ Line 6: / Line 6: @@
 <li>
 <b>Random: </b>This library is the central library to generate random numbers and strings for the whole application. Using this library we can generate cryptographically random strings of any length. This function also produces random integers.
 <BR><BR>
-<h4>Need for Time and Randomness Library</h4>
+<b>Time: </b>Time library contains one function inside "phpsec" namespace - "time()". This library takes two arguments - the first argument is "mode" and the next argument is "desired time". By default "mode" is "CURR" and "desired time" is "0". Types of mode that are possible in our time() function are:
-With time, developers often feel the need to change the system time - maybe for testing purpose or for different time-zones. Whatever is the case, developers find a hard time using normal PHP's "time()" function. To change time to some other time, they have to change system time, which is not only insecure, but will also affect many functions inside the host operating systems which heavily depend on time, such as Cron jobs and time-triggered events. This also is not recommended on main servers as this can corrupt other authentication servers such as "Kerberos". Also it may give an attacker a window to launch some attacks to time-dependent functions. Thus, for all the reasons stated above, we strongly felt the need to generate a wrapper for the time, so that change of time within an application can be isolated and controlled. With this we mean that change in time in one application must not affect any other application or system outside the scope of the application.
+<ul>
 <BR>
-Similarly the need of randomness is crucial in an application. With random strings being so important in a secure application and because not having a separate function in PHP's library for generating a cryptographically secure random string of desired length, we decided to create a separate central library that can provide random strings of desired length. With this library the developers can create secure strings of desired length and can also generate a random integer within a desired range.
+<b>Random: </b>Random library contains two functions inside "phpsec" namespace - "rand()" and "randstr()". The former method is used to get random integer between a specified range and the latter function is used to get a random string of specified length. The "rand()" function takes two parameters - "min (Defaults to 0)" and "max (Defaults to null)". The other function "randstr()" takes only one parameter - the length of the string desired (defaults to 32). To generate a random string, we use the openssl function (openssl_random_pseudo_bytes). If that function is somehow not present, we use (posix_getpid()) and (memory_get_usage()) to generate the random string.

Time and Randomness Management Library - Revision history

Rahul Chaudhary at 13:49, 25 July 2013

Rahul Chaudhary: Created page with "

Introduction