Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103414 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 76887 invoked from network); 31 Oct 2018 21:38:19 -0000 Received: from unknown (HELO mail-lf1-f49.google.com) (209.85.167.49) by pb1.pair.com with SMTP; 31 Oct 2018 21:38:19 -0000 Received: by mail-lf1-f49.google.com with SMTP id d7-v6so12343018lfi.2 for ; Wed, 31 Oct 2018 10:55:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sammyk-me.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=UGD1lCTpIFWTjhMj+wnNLqnJj/Js0JVFoHn1wdTp1ck=; b=VB9KyWs0Oa6oFS9bkkrn1fN1d0bgn579Eem6rj1yR+ZR0wDcLZbe+YzdTJ0T6Aubs2 ncJGh77cWOplkmN9DbIGz9R6zgq0155dWh9rHpnOmIy6aeZ9v6F1mjIr5mmCzNbhnlq9 NAbg6zAcBSmRZ/HunbuLFU2kaSemR72tfD4CQxil6ev5lC4G+RUp1wY+6KmuFhtY5B6K 1NtH2BQXpSOrrACxgV6hJmIso9ZDRl3Xk0pQmV1mlNpOUWXwf45ILtOpzJLC84YcnrwV gAgF8k9RuAgrbISgpHM0QsvYIr3zRYvTeAoUgEys2EH2XldGZlBzA0L2sUATSfwGKItr oj0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=UGD1lCTpIFWTjhMj+wnNLqnJj/Js0JVFoHn1wdTp1ck=; b=V3teLGSwsOG2oNH/2ZL3W6tRUO7Y+rXnqTBFYN0Ddu19mcP5TIw2WhXVT3cg/EWBeH 42WnKGSHIkNUZQrE/9yyrZ7ZOLJsm3Wl66EOCzGiRuLP8TKFdAAvfR2Cc2zLvm/eIE/w qoNo/JeHD3NJs0/n0mtJre85/nbY5Up8pFMSeEx5v8JuuG8Pq15l88+4bPEZQqokXkRn c9RULJ9qMuKPoWVrl0gJX9yHqtSUWKdcKUPdXexdyPCW0NPZTmqdWufjCwQOS7/NkwwZ t9IATDVU+RNKwsM9KlofyF0lpny0+VA1fiiKC6pe6C8OJhaGPpuzk/HWEGn4lPdT+3a/ aWlA== X-Gm-Message-State: AGRZ1gKfMiGMzDBd+JcJ9cRrW64Wl7mPDmoR8QqQLvChdXSOj1iIBS7K 5qDJoILUaQb9rhOK5OqyytYAqzqtBbZvTWkBZ8MVIeXLIEY= X-Google-Smtp-Source: AJdET5c7XBFrCJR8oHVDYdrXO/uH+isP8BTfHwVxUlegcSEeJSvhLe6QAYav5fZz4jNb2qbWXH2pjFelGF66eUFxcw0= X-Received: by 2002:a19:1019:: with SMTP id f25mr2485828lfi.54.1541008514423; Wed, 31 Oct 2018 10:55:14 -0700 (PDT) MIME-Version: 1.0 References: <1D2D9809-6A2D-49E5-9F86-FBB52AF538B5@thefsb.org> In-Reply-To: Date: Wed, 31 Oct 2018 13:55:03 -0400 Message-ID: To: Tom Worster Cc: PHP Internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [RFC] Improve openssl_random_pseudo_bytes() From: me@sammyk.me (Sammy Kaye Powers) Hey Tom! > According to one argument that has a lot of currency, it does. You have great points that I totally agree with; after all, my original proposal was to alias to random_bytes(). But this RFC just targets the implementation problems, not the OpenSSL CSPRNG itself. We already discussed in a separate thread the possibility of removing/aliasing it, but have decided we're gonna keep it. :) > (Btw, "a proper CSPRNG" might be misinterpreted as a **bold** claim. Good point - I'm not an infosec expert by any means so I try to avoid making any hard claims regarding cryptography. :) > Idk. It's your RFC and I kinda hijacked the thread. Hehe - thanks for hijacking! I always love the feedback. :) Thanks, Sammy Kaye Powers sammyk.me