Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:107312
Return-Path: <rowan.collins@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 71563 invoked from network); 24 Sep 2019 18:10:43 -0000
Received: from unknown (HELO php-smtp3.php.net) (208.43.231.12)
  by pb1.pair.com with SMTP; 24 Sep 2019 18:10:43 -0000
Received: from php-smtp3.php.net (localhost [127.0.0.1])
	by php-smtp3.php.net (Postfix) with ESMTP id 6E3A62C9127
	for <internals@lists.php.net>; Tue, 24 Sep 2019 08:49:37 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp3.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	SPF_HELO_NONE,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.2
X-Spam-ASN: AS3215 2.6.0.0/16
X-Spam-Virus: No
Received: from mail-io1-xd34.google.com (mail-io1-xd34.google.com [IPv6:2607:f8b0:4864:20::d34])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp3.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Tue, 24 Sep 2019 08:49:36 -0700 (PDT)
Received: by mail-io1-xd34.google.com with SMTP id c6so5569955ioo.13
        for <internals@lists.php.net>; Tue, 24 Sep 2019 08:49:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=qgSP1o2Hu46wPk8aCLeyGUOU0ZQP3Pr1lAs7uZK3teg=;
        b=KcsOyKCO6jzi+3qFc/Qv7DxfRBYAwHd+/BmD+7f9aNqa6S3rJ1jmlvivaBuUBgFJg7
         iJ5i+tN0U7EdI+lMlPhQtQrwXV8jMnPLyN91uwT9X4jz8861CqelPpOCGLgwPUpeZT+b
         KnxVzKGLNfj6ymbaMblFyGgh//msFijCQrJcSltUBrhQUhyDzdB2RbWc/gEDNaMcH6N8
         FhIorDLI+g/QFx/OnaTyvfCcvNDCtcVtu4B1o/EP07SR/q5TLGmXoJ/BsQV79fQH40+E
         rG+MYRffHZl9Wl7AtOIJDU2naJYAPLyBlXV3SvvmI8/pSjDS7VpQRBRIYVqGOwgaJXZt
         sokg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=qgSP1o2Hu46wPk8aCLeyGUOU0ZQP3Pr1lAs7uZK3teg=;
        b=Ra0xMbSPHAiIshBNXvSDSo0vhAgWaofrz1KK71dsFWh94RtnZN5m1KLzXjkdvPXBM8
         7/dEPwYubEN2iCCPfxzekfqwQ+f7U55VWZv9+2o1rh37HcUTUUcFF6AaqZ/LQH1bip1S
         88q/QRW/9HQT2Z73GfxzWk/oUPv9An03ID6i6Yglq7Esls9MX7TKpFutzrEBxvyXAMA/
         7lxdXucBhknybik0NHLRSSwTukuaGnCmMdgsDmE9dNJrdNxS3DpIny2Alr2v7igbHnDM
         Fd0bulItwFHEf2zVqQPel3bTRMA/jYcih54+ifomEhhbZeJ3CZM5/UZtutnezjzVyP2n
         KwGQ==
X-Gm-Message-State: APjAAAWFOHO2tjLpUudqn/I4ONoFAHr3ZSJDH/rjJugRKtlanYYqC7SC
	v7eEEglx1KceIFRXLsv3a7pR0+CsTHS2ZC0ANciXfUA1
X-Google-Smtp-Source: APXvYqzMSxMSm7NCF0+WztSQ5iueTn+2cayfrzQ6+evHuizFSJz2NEXpVmnpK42DqL+5PrNulNbJ4mbK5qJPdjArf+4=
X-Received: by 2002:a6b:b643:: with SMTP id g64mr4033459iof.149.1569340175991;
 Tue, 24 Sep 2019 08:49:35 -0700 (PDT)
MIME-Version: 1.0
References: <A91E718E-B023-42DC-AC8D-BC989F5A80E4@cschneid.com>
 <CAF+90c_75x0ZoD63CoLXY3kUKNQQuR_HhaO998osHuzV7ZGXuw@mail.gmail.com>
 <696dc114-c2df-40aa-aad6-5b87d4373c0e@www.fastmail.com> <9479751B-281E-4590-85E7-51EEAF066C73@cschneid.com>
 <11c4fa89-29b3-4639-9dd9-5adff968e437@www.fastmail.com>
In-Reply-To: <11c4fa89-29b3-4639-9dd9-5adff968e437@www.fastmail.com>
Date: Tue, 24 Sep 2019 16:49:24 +0100
Message-ID: <CALKiJKqkf0Ux5K8BSj3LynFz+UGy3UW5F+t9Bdx6R25soJAuFA@mail.gmail.com>
To: php internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000b8ca8305934e7bec"
X-Envelope-From: <rowan.collins@gmail.com>
Subject: Re: [PHP-DEV] PHP 7.4 BC break with openssl_random_pseudo_bytes()
From: rowan.collins@gmail.com (Rowan Tommins)

--000000000000b8ca8305934e7bec
Content-Type: text/plain; charset="UTF-8"

On Tue, 24 Sep 2019 at 15:26, Larry Garfield <larry@garfieldtech.com> wrote:

> And no, random_int(0,0) does what it says on the tin: return a random int
> between 0 and 0.  If you call it that way, well, it's your own PEBCAK.  But
> it throws an exception if the underlying sources of entropy are not working
> for some reason, rather than returning something that can easily be
> mistaken for a valid integer.
>


I think the argument was that the consistent behaviour would be for
random_bytes(0) and openssl_random_pseudo_bytes(0) to return '' (i.e. a
random string which was zero bytes long). The result is just as logical,
and just as meaningless, as "a number between 0 and 0" - in both cases,
there is exactly one valid value, so every random choice returns that value.

The BC break is a separate discussion - the RFC listed some changes to
openssl_random_pseudo_bytes but not this one.

Regards,
-- 
Rowan Tommins
[IMSoP]

--000000000000b8ca8305934e7bec--