Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:103345
Return-Path: <sammyk@sammykmedia.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 17701 invoked from network); 20 Oct 2018 00:33:07 -0000
Received: from unknown (HELO mail-lj1-f175.google.com) (209.85.208.175)
  by pb1.pair.com with SMTP; 20 Oct 2018 00:33:07 -0000
Received: by mail-lj1-f175.google.com with SMTP id u21-v6so31945822lja.8
        for <internals@lists.php.net>; Fri, 19 Oct 2018 13:47:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sammyk-me.20150623.gappssmtp.com; s=20150623;
        h=mime-version:from:date:message-id:subject:to;
        bh=zrNhVEa/WuHqUUHO4Tmav+sVZSifyigdrVKjZpDGRmw=;
        b=A2/j0DVju2w8ukx8hR0pBg0a+40h6HwKIojaoq3ZFCED2iwkBfZswcwpHUMZuVAdT8
         GJURFcty/wG2dHOs+scnDO0GT87nMXKKUdIydyEebSjufytN5oOZA+hyQglZhYfO/Ub8
         S85nJMaT9U0sjCvU2tljRkccS+yFbTV6RDbzNV2U8XnKFojC+qO2jinJ8VtKt3rPOIzR
         NyxCpmW/f7fgmr/MCLhw63kHZ52gR2MjNxlUha0NlkjTrJnS+WPiSIB30X9SAN0rnZYa
         OB2Zra0wmbfjcH2vhiCQY0Y67JYuBtIFWiKLs+A6qwv1XoT78gfEo0M+vFILCezd1Gm7
         0DVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=zrNhVEa/WuHqUUHO4Tmav+sVZSifyigdrVKjZpDGRmw=;
        b=FvbNd3sp15yqcwKqkIqfPM25ZDMBLPrEyd9IMd8gtY0YcaicCIp9lFO/HE4LBQekui
         xpnwS6KSYkCG73IaOs/4i1/Yq0l84Ua8JbgY2btYMKzU45L+Kqqflz1jZ3vatbXVJ5Zo
         ZsV7bmUhIVrNQ/A67fQ2krGNuOLe2ZBok5/raYSPPejnUpKPcy3+iVTerUOyt0GUU8ie
         k6polpl9ENKaaab8gNASqJ0FVVrEbt4a2gm4ST7YV1VWX1Mqlb8ixgUbfsFMaWfb1zi4
         dmvEOix8/P1kevXawpQqIk/9a3O3r900/iXA3XZCze9YwxTtLfnfqBqPtQ4o5K2qo0Nd
         QXDQ==
X-Gm-Message-State: AGRZ1gLUNAVPrdcWwkTSI1D+1t4eCIU6kUJHCCBHTEhUW4qHR0MYO6Df
	DHBmFMWujnIsoZGz5tXpTpHJtYAUYoM6vBjLRatAdzO9QU8=
X-Google-Smtp-Source: AJdET5fS3u6fnt7NyqpJnnQJfgtkRjeWL5Kqbr+/DYynKgz8l+SUp9YchHAgIq+LyX+Fhe699SYlA1t71Tu/ex8RUHI=
X-Received: by 2002:a2e:5109:: with SMTP id f9-v6mr5409617ljb.155.1539982023653;
 Fri, 19 Oct 2018 13:47:03 -0700 (PDT)
MIME-Version: 1.0
Date: Fri, 19 Oct 2018 16:46:52 -0400
Message-ID: <CALYT1Yohs0fL_nfHzsSuhpT=4-69e-N3oAJdeW0NO64E9ma6GQ@mail.gmail.com>
To: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: [RFC] Improve openssl_random_pseudo_bytes()
From: me@sammyk.me (Sammy Kaye Powers)

Hi internals friends!

I'd like to start a discussion on the "Improve
openssl_random_pseudo_bytes()" RFC:
https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes

TL;DR:

CSPRNG implementations should always fail closed so this change would
make `openssl_random_pseudo_bytes()` fail closed.

The second `$crypto_strong` parameter doesn't do anything despite the
docs stating otherwise. This unnecessarily confusing parameter would
be deprecated.

Thanks,
Sammy Kaye Powers
sammyk.me