{"id":14601,"date":"2013-07-12T21:00:23","date_gmt":"2013-07-12T12:00:23","guid":{"rendered":"http:\/\/www.sssg.org\/blogs\/hiro345\/?p=14601"},"modified":"2013-08-04T11:17:47","modified_gmt":"2013-08-04T02:17:47","slug":"cakephp2%e3%81%aesecurity-cipherseed%e3%80%81security-salt%e3%81%ae%e5%80%a4%e3%82%92%e7%94%9f%e6%88%90%e3%81%99%e3%82%8b%e3%82%b3%e3%83%9e%e3%83%b3%e3%83%89","status":"publish","type":"post","link":"https:\/\/www.hiro345.net\/blogs\/hiro345\/archives\/14601.html","title":{"rendered":"CakePHP2\u306eSecurity.cipherSeed\u3001Security.salt\u306e\u5024\u3092\u751f\u6210\u3059\u308b\u30b3\u30de\u30f3\u30c9"},"content":{"rendered":"

CakePHP2\u3092\u4f7f\u3063\u3066\u3044\u308b\u3068Security.cipherSeed\u3001Security.salt\u306e\u5024\u3092\u751f\u6210\u3059\u308b\u30b3\u30de\u30f3\u30c9\u304c\u307b\u3057\u304f\u306a\u308a\u307e\u3059\u3002
\n
\n\u300cblog.shiten.info \u00bb [CakePHP] Security.salt \u3068 Security.cipherSeed \u3092\u751f\u6210\u3059\u308b<\/a>\u300d\u306b\u305d\u306e\u3082\u306e\u304c\u3042\u308a\u307e\u3057\u305f\u3002\u3082\u3068\u306e\u8a18\u4e8b\u3067\u306f\u4e71\u6570\u751f\u6210\u306f\u5225\u3005\u306b\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u624b\u3092\u629c\u304f\u306a\u3089\u4e0b\u8a18\u306e\u3088\u3046\u306b\u3067\u304d\u307e\u3059\u3002\uff13\u6841\u306e\u6570\u5b57\u3092\u751f\u6210\u3057\u3066\u9023\u7d50\u3057\u306630\u6841\u306e\u6570\u5b57\u3092\u751f\u6210\u3057\u3066\u51fa\u529b\u3002\u305d\u306e\u5f8c\u3001\u305d\u306e\u6570\u5b57\u3092SHA1\u3067\u30cf\u30c3\u30b7\u30e5\u5024\u751f\u6210\u3057\u3066\u51fa\u529b\u3002Security.cipherSeed \u3068 Security.salt \u306e\u9806\u3067\u51fa\u529b\u3055\u308c\u307e\u3059\u3002<\/p>\n

\r\n$ php -r '$num = ""; for($i=0;$i<10;++$i){$num .= rand(100,999);} echo $num . "\\n"; echo sha1($num) . "\\n";'\r\n<\/pre>\n
rand\u95a2\u6570\u306f\u751f\u6210\u3059\u308b\u4e71\u6570\u306e\u7cbe\u5ea6\u304c\u3088\u304f\u306a\u3044\u3068\u3044\u308f\u308c\u3066\u3044\u308b\u306e\u3067\u4ee3\u66ff\u304c\u306a\u3044\u304b\u8abf\u3079\u3066\u307f\u307e\u3057\u305f\u3002PHP5.3\u4ee5\u964d\u306f openssl_random_pseudo_bytes \u3068\u3044\u3046\u3088\u308a\u5f37\u529b\u306a\u4e71\u6570\u30b8\u30a7\u30cd\u30ec\u30fc\u30bf\u304c\u3042\u308b\u3088\u3046\u306a\u306e\u3067\u3001\u305d\u3061\u3089\u3092\u4f7f\u3046\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u8003\u3048\u3066\u307f\u307e\u3057\u305f\u3002rand\u3088\u308a\u3082\u826f\u3044\u4e71\u6570\u3092\u751f\u6210\u3059\u308bmt_rand\u3068\u3044\u3046\u95a2\u6570\u3082\u3042\u308b\u3088\u3046\u3067\u3059\u300216\u9032\u6570\u8868\u73fe\u306e\u4e71\u6570\u751f\u6210\u306f\u7c21\u5358\u3067\u3059\u300240\u6587\u5b57\u5206\u306a\u3089\u300120\u30d0\u30a4\u30c8\u9577\u3067\u751f\u6210\u3057\u3066bin2hex\u306716\u9032\u6570\u8868\u8a18\u306b\u5909\u63db\u3059\u308b\u3060\u3051\u3067\u3059\u300230\u6841\u306e\u6570\u5b57\u306f\u3088\u304f\u308f\u304b\u3089\u306a\u304b\u3063\u305f\u306e\u3067\u3001\u3068\u308a\u3042\u3048\u305a1\u30d0\u30a4\u30c8\uff080 – 255\uff09\u3067\u751f\u6210\u3057\u3066\u3001\u3053\u308c\u3092100\u3067\u5272\u3063\u305f\u4f59\u308a\uff080 – 99\uff09\u306e2\u6841\u306e\u6570\u5b57\u309215\u500b\u7528\u610f\u3057\u3066\u9023\u7d50\u3059\u308b\u51e6\u7406\u3068\u3057\u307e\u3057\u305f\u300200\u304b\u308955\u307e\u3067\u306e\u6570\u5b57\u304c\u82e5\u5e72\u4f7f\u308f\u308c\u3084\u3059\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u30010\u304b\u30899\u307e\u3067\u306e\u6570\u5b57\u306f00\u306e\u3088\u3046\u306b\u8868\u793a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u306e\u3067sprintf\u95a2\u6570\u3067\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3057\u3066\u3042\u308a\u307e\u3059\u3002<\/p>\n
\r\n<?php\r\n$cstrong = FALSE;\r\n$bytes = 0;\r\n$salt_value = "";\r\nfor ($i=0; $i<10; $i++) {\r\n  $bytes = openssl_random_pseudo_bytes(20, $cstrong);\r\n  if ($cstrong===TRUE) {\r\n    break;\r\n  }\r\n}\r\n$salt_value .= bin2hex($bytes);\r\necho $salt_value;\r\necho "\\n";\r\n$salt_value = "";\r\nfor ($i=0 ; $i<15 ; $i++) {\r\n  $bytes = openssl_random_pseudo_bytes(1, $cstrong);\r\n  $o = ord($bytes) % 100;\r\n  $salt_value .= sprintf('%02d', $o);\r\n}\r\necho $salt_value;\r\necho "\\n";\r\n<\/pre>\n
\u4e0a\u8a18PHP\u30d7\u30ed\u30b0\u30e9\u30e0\u3092GenSalt.php\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u3067\u4fdd\u5b58\u3057\u305f\u3068\u3057\u3066\u3001\u6b21\u306e\u3088\u3046\u306b\u5b9f\u884c\u3057\u307e\u3059\u3002Security.salt \u3068 Security.cipherSeed \u306e\u9806\u3067\u51fa\u529b\u3055\u308c\u307e\u3059\u3002<\/p>\n
\r\n$ php -f GenSalt.php\r\n48c6714d8ffead559b79c422ce7da3dc4fd4dd72\r\n470887575193916412053854160366\r\n<\/pre>\n
Java\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u751f\u6210\u3059\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u3082\u4f5c\u3063\u305f\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002\u8208\u5473\u304c\u3042\u3063\u305f\u3089\u300cjgenpassword\u3067\u30d1\u30b9\u30ef\u30fc\u30c9\u751f\u6210 | hiro345<\/a>\u300d\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n