1
wishcraft
@blowfish :: Encryption Requirement

We need to provided user sessioning blowfish encryption support and protection; this is a often congruent hash or piece of data that is used to salted the encryption; I suggest we provide the salt on the session via a discovery service; through the headers; so if any external site uses it; it get it from cURL headers when scrapping a XOOPS Site!


This example is how it would work:- XOOPS_LICENCE_KEY is the system salt; this is the blowfish salt!

$parts explode("."microtime(true));
    
mt_srand(mt_rand(-microtime(true), microtime(true))/$parts[1]);
    
mt_srand(mt_rand(-microtime(true), microtime(true))/$parts[1]);
    
mt_srand(mt_rand(-microtime(true), microtime(true))/$parts[1]);
    
mt_srand(mt_rand(-microtime(true), microtime(true))/$parts[1]);
    if (!
session_id())
        
session_start();
    if (!isset(
$_SESSION['xoops_session_salt']))
        
$_SESSION['xoops_session_salt'] = sha1((float)(mt_rand(0,1)==1?'':'-').$parts[1].'.'.$parts[0]) / sqrt((float)$parts[1].'.'.intval(cosh($parts[0])))*tanh($parts[1]) * mt_rand(1intval($parts[0] / $parts[1])).XOOPS_LICENCE_KEY);
    if (!
headers_sent())
                  
header('Xoops-Blowfish-Salt: '$_SESSION['xoops_session_salt']);


This would be built normally into class/xoopssecurity.php

Login

Who's Online

209 user(s) are online (66 user(s) are browsing Support Forums)


Members: 0


Guests: 209


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits