Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115939
Return-Path: <zeriyoshi@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 47978 invoked from network); 3 Sep 2021 17:05:00 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 3 Sep 2021 17:05:00 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 94A1F1804E3
	for <internals@lists.php.net>; Fri,  3 Sep 2021 10:41:30 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <zeriyoshi@gmail.com>
Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com [209.85.218.47])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Fri,  3 Sep 2021 10:41:30 -0700 (PDT)
Received: by mail-ej1-f47.google.com with SMTP id i21so13568932ejd.2
        for <internals@lists.php.net>; Fri, 03 Sep 2021 10:41:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=G+LcrN/HZy9F5nwyB/nggESyjKQaKoD1Ap9TU9Os5EE=;
        b=lNcCxh17g95nkWbv+/d82137BzGtWNCTz6jCkiDsOtcTaYzWQzRYId1+2MjVIqU1o9
         4Q/Tm7otnrvgt8dOIjEzRDoMJfTKEXu+XegXzIp1Nh7oxPdA5etlHOsbhp/DvjGzM4UB
         rTVhhXo67nRBTBv+0OYSb+NZxgfB4e9HcQveWbQ/+AY2GNweTV8z8KkfAT9DzONcrIgm
         AJpaU3oi8ZR5TCIwYJJpcMwwc4r6dwHFwdrd6jEXRWBk8uNdnYtCuU6zH0l/Cx7AxLEb
         AQ4UFtpDPyw/P3+v98jbVJHPkEsTJMZCyXJuo15Yf6LAVI6SVSfSb+epE3dCu6RevqUC
         NJiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=G+LcrN/HZy9F5nwyB/nggESyjKQaKoD1Ap9TU9Os5EE=;
        b=TrA5PVEVwHyglHoMabCW6LJzzsrwRB9Z56tm1dsRVIMGfsqkx/lg371Ts7RdqBKt11
         w8Cqc+cSmJC3uQ67mhufcSCcOWoBPp7RR5Cyp481kWohP0upwM+Rk62ylL5sQ36Illby
         X7SXb1FRj/ph8ywT+BnJXL9ePpbMXbGnSMxxHM6hTBcyTDlniSAiHxCdEYdtksKe8nKJ
         xS6MpdGJEYFGVy3Vb7wM/qv38YYl5Y8ixexy+2mqdGefyfo7I8XFD03Vnnegb2rTbgPx
         0AJndnt+3syCZn0OXzEd069F8tPPt3zY2wGV+SjwfcqPCdhEs/ytNR52mBLApxTyuGtK
         J3HQ==
X-Gm-Message-State: AOAM533vfhtlYtfD4exjs4QGWsaVc33zvlBZQvY3l7j/nynt2ovg/dhs
	NtZ/QrHqSTPYLYXju9Gl9nZIhWkkc517tZuU+vAU3V8Di3ZS1Q==
X-Google-Smtp-Source: ABdhPJzpmXgL1cRRyAK/813DL9mKHHUIdnqiiQru33YQyayX5vobD0M4Y2ba08tAgGtNfxTBGCG08aHH295WUeTpsx0=
X-Received: by 2002:a17:906:3159:: with SMTP id e25mr5485573eje.549.1630690886648;
 Fri, 03 Sep 2021 10:41:26 -0700 (PDT)
MIME-Version: 1.0
References: <CABTDVhBRpD=nWBk2xGLEmdcWwOzCeqGeqH5vLSugPFOeEN9Mog@mail.gmail.com>
 <CAF+90c-kLHe-M4jcMRa=_8Lhakcyrtam109WKga6XLQqmJYp0Q@mail.gmail.com>
In-Reply-To: <CAF+90c-kLHe-M4jcMRa=_8Lhakcyrtam109WKga6XLQqmJYp0Q@mail.gmail.com>
Date: Sat, 4 Sep 2021 02:41:15 +0900
Message-ID: <CABTDVhBYB1-TkxTNPCkedE0k0UBWv0eUNfmSr+KDWkpgcw12JA@mail.gmail.com>
To: Nikita Popov <nikita.ppv@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000009a5e105cb1acf64"
Subject: Re: [PHP-DEV] [RFC] Random Extension 3.0
From: zeriyoshi@gmail.com (Go Kudo)

--00000000000009a5e105cb1acf64
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks nikita.

> ext/standard to ext/random. Why does it do this?

There are several reasons for this.

- The `random` extension name is already used by ext/standard and may
interfere with the build system.
- Due to the namespace rules for new extensions, it is inappropriate to
rename an extension.
- Due to history, the rand / mt_rand dependency is tricky and I thought it
was time to sort it out.
- I don't think it's a good idea to have multiple header files for a single
domain feature.
- As stated in the Future Scope, I wanted to be in a position to eliminate
module global random number state in the future.
- The existing implementation and the object implementation share most of
the same logic. It was necessary to merge them into one to make them common=
.

I certainly didn't want to require a workaround for PHP 8.2 or later for
extensions that depended on ext/standard respectively, but I decided that I
had no choice for the above reasons.

> just don't make it a requirement.

I would like to modify the design.

> I don't think it makes sense to switch these functions to use
cryptographic randomness by default...

While these may not need to be cryptographically secure, I don't think they
need to be state-dependent as well. Probably no one would look at the
function name and think that it depends on the module global state.

php_random_int() doesn't have any state anywhere (except OS) and can
generate the requested random number. I don't see any problem with these
functions using php_random_int() as a random number source.

Regards,
Go Kudo


2021=E5=B9=B49=E6=9C=884=E6=97=A5(=E5=9C=9F) 1:02 Nikita Popov <nikita.ppv@=
gmail.com>:

> On Thu, Sep 2, 2021 at 5:10 PM Go Kudo <zeriyoshi@gmail.com> wrote:
>
>> Hi Internals.
>>
>> Expanded from the previous RFC and changed it to an RFC that organizes t=
he
>> whole PHP random number generator. Also, the target version has been
>> changed to 8.2.
>>
>> https://wiki.php.net/rfc/rng_extension
>> https://github.com/php/php-src/pull/7453
>>
>> Hopefully you will get some good responses.
>>
>
> This looks pretty nice to me. A few bits of feedback:
>
>  * Unlike the previous versions of the RFC, this one also moves all of th=
e
> existing RNG-related functionality from ext/standard to ext/random. Why
> does it do this? This doesn't really seem related to the problem this RFC
> is solving.
>
>  * Regarding the abstract class Random\NumberGenerator: You currently nee=
d
> the abstract class, because php_random_ng is tied to the object. An
> alternative design that would allow Random\NumberGenerator to be an
> interface would be to make it independent of the object, such that the
> structure can be allocated in the Random constructor for userland
> implementations. Of course, internal implementations could still embed it
> as part of their objects -- just don't make it a requirement.
>
>  * The future scope mentions: "Changes random source to php_random_int() =
a
> shuffle(), str_shuffle(), and array_rand()". I don't think it makes sense
> to switch these functions to use cryptographic randomness by default...
>
> Regards,
> Nikita
>

--00000000000009a5e105cb1acf64--