Isn’t a 15 alphanumeric+special chars enough strong for cipherblock and encoding? I see zend/math has a strong option for random string generation, what does this option do? Just a 15 alphanumeric+special chars isn’t enough strong on its own without this option?
That depends on what you want to use it for. Is it good enough to be a cryptographic key? Probably not. Is it good enough to be a salt? That’s probably fine.
But also, be aware that the way you generate the random string is just as important as the string itself.
Zend\Math\Rand will try to use OpenSSL or Mcrypt to generate cryptographically secure strings.
Does zend/math require openssl AND mcrypt to work? Or any of them is enough?
One more question in addition to above:
For cryptographic key, how long char do you suggest? 16 char is enough?
Or what about instead of string generation, we do use byte generation then sha1 it for binary safe?
That’s explained here.
You need a minimum of 128 bits of cryptographically random data.
If you have a good and specific reason why using the raw binary data won’t work, then we can discuss ways to encode the binary data using only printable characters. But likely you’ll be better off keeping your raw binary data just the way it is.
That byte generation for some reasons should be stored somewhere so I need to make it printable. Please advice how to make it printable as a cryptography key or better to go with string generation? Which one is more secure?
Databases can store binary data just as easily as it can printable characters.
Well, first, we’re not talking about different ways to generate a key. You still should use something secure such as Mcrypt to get your random data. Once you have the random data, then you can convert that data to printable characters – such as hex or [URL=“http://us3.php.net/manual/en/function.base64-encode.php”]base64 – if you absolutely need to.