Newsgroups: php.internals
To: "Sammy Kaye Powers"
Cc: "PHP Internals"
Date: Sun, 21 Oct 2018 20:09:39 -0400
Subject: Re: [RFC] Improve openssl_random_pseudo_bytes()
From: fsb@thefsb.org ("Tom Worster")

On 19 Oct 2018, at 16:46, Sammy Kaye Powers wrote:

> I'd like to start a discussion on the "Improve
> openssl_random_pseudo_bytes()" RFC:
> https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes
>
> TL;DR:
>
> CSPRNG implementations should always fail closed so this change would
> make `openssl_random_pseudo_bytes()` fail closed.
>
> The second `$crypto_strong` parameter doesn't do anything despite the
> docs stating otherwise. This unnecessarily confusing parameter would
> be deprecated.

At first glance I believed you were proposing that `openssl_random_pseudo_bytes()` should fail with an exception and that this would be an improvement. I would agree with that.

With a little more concentration I see you're proposing something less ambitious that I'm less enthusiastic about.

The function has been obsolete since 7.0 and A Bad Choice™ in all versions of PHP except when OS==Windows AND 5.4.0 <= PHP < 7.0. The only reason to keep this function is BC but removing the second param breaks BC for ALL conscientious and safe uses, i.e. seeking unpredictable (i.e. crypto strong) randoms from 5.4.0 <= PHP < 7.0 on Windows. There's no valid reason to ask for predictable randoms from OpenSSL and, afaik, it's not unpredictable (i.e. it's unsafe) on other OSs.

I'd love to see an RFC along the lines of: "Improve PHP's OpenSSL API by deprecating and eventually removing openssl_random_pseudo_bytes()". Idk the right schedule for removing it but how could deprecating it in 7.4 do more harm than good?

Tom
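
The fail-closed behaviour discussed in this thread, as an added example (not part of either message and not code from the RFC): a hypothetical helper `csprng_bytes()` that prefers `random_bytes()` where it exists (PHP 7.0+) and otherwise treats a `false` return or an unset `$crypto_strong` flag from `openssl_random_pseudo_bytes()` as a hard error. It is written in PHP 5-compatible syntax so the fallback branch is reachable on the older versions the thread mentions.

```php
<?php
// Added illustration; csprng_bytes() is a hypothetical helper name.
// Contract: return the requested random bytes or throw. Never return false
// and never return output the library did not mark as strong.
function csprng_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    // PHP >= 7.0: random_bytes() reads the OS CSPRNG and throws on failure.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // Older PHP: failure is signalled only through the return value and the
    // by-reference $crypto_strong flag, so the caller must check both.
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true) {
        throw new RuntimeException('no cryptographically strong random source');
    }
    return $bytes;
}

// Fail-open pattern, for contrast: an unchecked false return is used as data.
//   $token = bin2hex(openssl_random_pseudo_bytes(16)); // bin2hex(false) is ''

// Fail-closed usage: an error stops token generation instead of degrading it.
try {
    $token = bin2hex(csprng_bytes(16));
    echo strlen($token), " hex characters generated\n";
} catch (Exception $e) {
    // Abort the operation; do not fall back to rand(), mt_rand() or uniqid().
    error_log('token generation failed: ' . $e->getMessage());
    exit(1);
}
```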