Time and Randomness Management Library

From OWASP
Revision as of 12:55, 25 July 2013 by Rahul Chaudhary

Introduction

  • Time: This library is a wrapper around PHP's own "time()" function. Its aim is to isolate our system from the "system clock" that PHP's "time()" function uses. A separate wrapper for time lets us move time forward (into the future) or backward (into the past) without changing the actual system time. This central library can be reset to a different time, and that time is then reflected throughout the application, without having to change any other component in the system or application.
  • Random: This library is the central library for generating random numbers and strings for the whole application. Using it, we can generate cryptographically random strings of any length. It also produces random integers.

Need for Time and Randomness Library

Developers often need to change the system time, for example for testing or to handle different time zones. Whatever the case, this is hard to do with PHP's normal "time()" function: to move to some other time they have to change the system time, which is not only insecure but also affects many functions inside the host operating system that depend heavily on time, such as cron jobs and time-triggered events. It is also not recommended on main servers, as it can corrupt other authentication servers such as "Kerberos". It may also give an attacker a window to launch attacks against time-dependent functions. For all these reasons, we strongly felt the need for a wrapper for time, so that a change of time within an application can be isolated and controlled. By this we mean that a change of time in one application must not affect any other application or system outside the scope of that application.

Randomness is similarly crucial in an application. Because random strings are so important in a secure application, and because PHP's library has no separate function for generating a cryptographically secure random string of a desired length, we decided to create a separate central library that provides random strings of a desired length. With this library, developers can create secure strings of a desired length and can also generate a random integer within a desired range.
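
The two ideas above, an application-level clock and a central source of random strings, can be sketched as follows. This is an added example, not the library's own code: the names AppClock, randomString and isExpired are hypothetical, and it assumes PHP 7.4 or later, where random_int() is available.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not the OWASP library's API.
final class AppClock
{
    private static int $offset = 0; // seconds added to the real system clock

    // Application-wide replacement for time().
    public static function now(): int
    {
        return time() + self::$offset;
    }

    // Make the whole application see $timestamp as the current time.
    public static function set(int $timestamp): void
    {
        self::$offset = $timestamp - time();
    }
}

// Random string of exactly $length characters drawn from $alphabet.
// random_int() draws from the OS CSPRNG and is uniform over the range.
function randomString(int $length, string $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'): string
{
    if ($length < 1 || strlen($alphabet) < 2) {
        throw new InvalidArgumentException('length must be >= 1, alphabet >= 2 characters');
    }
    $out = '';
    $max = strlen($alphabet) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Time-dependent security check that reads the wrapper, never time() directly.
function isExpired(int $issuedAt, int $ttl): bool
{
    return AppClock::now() >= $issuedAt + $ttl;
}

// Constructed demo: a reset token with a 15-minute lifetime.
$token    = randomString(32);
$issuedAt = AppClock::now();
echo $token, PHP_EOL;
var_dump(isExpired($issuedAt, 900)); // checked inside the 15-minute window
AppClock::set($issuedAt + 901);      // move application time past the window
var_dump(isExpired($issuedAt, 900)); // checked again; the system clock is untouched
AppClock::set(time());               // return the application to real time
```

Because every time-dependent check goes through AppClock::now(), expiry logic can be exercised in tests while cron jobs and other processes on the host keep seeing the real system time.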