lithium\security\Random::_source()
Returns the best available random number generator source.
The source of randomness used are as follows:
random_bytes()
, available in PHP >=7.0random_bytes()
, available if the openssl extension is installedmcrypt_create_iv()
, available if the mcrypt extensions is installed/dev/urandom
, available on *nixGetRandom()
through COM, available on Windows
Note: Users restricting path access through the open_basedir
INI setting,
will need to include /dev/urandom
into the list of allowed paths, as this
method might read from it.
Returns
callableReturns a closure containing a random number generator.
Links
Source
protected static function _source() {
if (function_exists('random_bytes')) {
return function($bytes) {
return random_bytes($bytes);
};
}
if (function_exists('openssl_random_pseudo_bytes')) {
return function($bytes) {
return openssl_random_pseudo_bytes($bytes);
};
}
if (function_exists('mcrypt_create_iv')) {
return function($bytes) {
return mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM);
};
}
if (is_readable('/dev/urandom')) {
return function($bytes) {
$stream = fopen('/dev/urandom', 'rb');
$result = fread($stream, $bytes);
fclose($stream);
return $result;
};
}
if (class_exists('COM', false)) {
$com = new COM('CAPICOM.Utilities.1');
return function($bytes) use ($com) {
return base64_decode($com->GetRandom($bytes, 0));
};
}
throw new LogicException('No suitable strong random number generator source found.');
}