Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:117296
Return-Path: <larry@garfieldtech.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 66697 invoked from network); 9 Mar 2022 16:44:10 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 9 Mar 2022 16:44:10 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 23DB018050B
	for <internals@lists.php.net>; Wed,  9 Mar 2022 10:07:27 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS19151 66.111.4.0/24
X-Spam-Virus: Error (Cannot connect to unix socket
	'/var/run/clamav/clamd.ctl': connect: Connection refused)
X-Envelope-From: <larry@garfieldtech.com>
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  9 Mar 2022 10:07:26 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id 5604A5C0158
	for <internals@lists.php.net>; Wed,  9 Mar 2022 13:07:25 -0500 (EST)
Received: from imap43 ([10.202.2.93])
  by compute5.internal (MEProxy); Wed, 09 Mar 2022 13:07:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:date:date:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=+wdyoXTJeM4ZWP8m2
	xh+J7R/ySxMvXTW7VsNQUPt5I0=; b=kpE7nn4paMm/m8s8fZ+A59z7lN6HH9zKC
	ahVufxl1uNVHZRHwJwwRUYDr3im6ia1gl0aq9GkEeHJhaSQS0is1FJWzoM+JdO7Q
	fhrsZ0PNhA81CVhJ5q2mzJZgd+JoTz0X2gN9NapM6mMFDUwvuHBzo70ib2zaxaB0
	W+ijUGaX0sut4tIRQQsUK6bVEA5m/elj0+b509HnEY2frZJzwakQw+bImNh/cMGi
	gBizhOhuGp2jVD+sRNXFN0s/fe6cIpbth9d2XTMEw3ygJ/VbVv9EVZNtC0XWYYdG
	jxFrMHmXxtUzDvHuh/3JEFTGFnb4RzYlIPIVdfWcmh2sDKbnfSNZA==
X-ME-Sender: <xms:3ewoYk0gZ9f1HMhVra32VQC-VnYzmRJxOQPpSe_I-5nF7CXPXuA6NQ>
    <xme:3ewoYvEK4DLyexyuL4rKGm0_O7JxfL_QV1g_mGAVrbVPAPO2QqTAjxDrufDvK7hUH
    l9ZXEBvSrl13Q>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddruddukedguddtjecutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
    necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
    enucfjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfnfgr
    rhhrhicuifgrrhhfihgvlhgufdcuoehlrghrrhihsehgrghrfhhivghlughtvggthhdrtg
    homheqnecuggftrfgrthhtvghrnhepfeetveffteetueeukeegjeffudeuhedthfevfeeh
    iefhheegheffhedthefgleejnecuffhomhgrihhnpehphhhprdhnvghtpdhgihhthhhusg
    drtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhm
    pehlrghrrhihsehgrghrfhhivghlughtvggthhdrtghomh
X-ME-Proxy: <xmx:3ewoYs6Gxf40BP-fM2DGEniI7TmE5OdGTvZeQt9EC6zgGH8TDz-EsQ>
    <xmx:3ewoYt3lAiDyZQ1HsYGQJ0yyG9LBKxI0OQu-C4oXHRglT3D81Zg7jw>
    <xmx:3ewoYnExwAV0xusYOmIXQaKpcYsu0CgbCEPXray9a8Y4GRkktrvtiw>
    <xmx:3ewoYnHxpnuy0h1pJltAWf8Z4FbNmM1lioDXNJ0qF6jKdT0nf8sO4g>
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 07620AC0E98; Wed,  9 Mar 2022 13:07:25 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.5.0-alpha0-4778-g14fba9972e-fm-20220217.001-g14fba997
Mime-Version: 1.0
Message-ID: <cab85ccc-bef9-43b2-a967-e91553022761@www.fastmail.com>
In-Reply-To: 
 <CAMs36Hco05vXydtM8qUfpcDkj6oKYufifAr-gOr573OwmVtimA@mail.gmail.com>
References: 
 <CAMs36Hco05vXydtM8qUfpcDkj6oKYufifAr-gOr573OwmVtimA@mail.gmail.com>
Date: Wed, 09 Mar 2022 12:06:54 -0600
To: "php internals" <internals@lists.php.net>
Content-Type: text/plain
Subject: Re: [PHP-DEV] [RFC] [Under Discussion] Random Extension 5.x
From: larry@garfieldtech.com ("Larry Garfield")

On Wed, Mar 9, 2022, at 4:48 AM, Go Kudo wrote:
> Hello internals.
>
> Proposed RFCs and implementations have been reorganized. The main changes
> are as follows
>
> https://wiki.php.net/rfc/rng_extension
> https://github.com/php/php-src/pull/8094
>
> - Remove XorShift128Plus, Xoshiro256StarStar
>     - To avoid confusion, Can be added if needed
> - All classes can now omit the seed argument
>     - Seeding with CSPRNG
> - Throws RuntimeException if number generation fails
>
> The merge window to PHP 8.2 will remain open for some time to come. Due to
> the global turmoil, I will try to delay the start of the RFC voting phase
> as long as possible.
>
> However, I believe that PHP RFCs tend to become more controversial once the
> voting phase begins.
>
> Therefore, I would like to solicit feedback on this RFC, whatever it may
> be. (Just only positive or negative feedback would be okay)
>
> Regards,
> Go Kudo

This looks good to me overall, although I have a few comments.

* There's several places where a sentence or portion of a sentence repeats itself.  I assume this is just an editing error.

* The list headers "implemented of" doesn't really make grammatical sense.  I think you mean "implemented by"?

* The last section "PRNG Shootout" seems to imply that you're only implementing one algorithm, but it doesn't say which one.  The earlier sections, though, show several algorithms that you are implementing.  Again, I assume this is an editing error from many revisions but it's confusing as is.

* If no engine is provided to the randomizer, what gets used?  If the default is listed somewhere in the RFC, I missed it.  I'm assuming there should be one, for usability, but changing it in the future would be an RFC-level change (much like changing the defaults for password_hash()).

* The example of using different algorithms in different environments needs much higher billing.  You're burying the lead there.  The ability to have a bad but predictable random seed for tests but then a CSPRNG for production is *huge*.  The approach is similar to the nearly-done PSR-20 spec in FIG, which does essentially the same thing for the "current time" routines, albeit in userspace.  I would highlight this benefit way more, as it's probably the biggest benefit from these changes that most developers will see and has me more excited about this RFC than anything else in the entire document.

* How do the existing random functions interact with the new API?  Do they shift to be shells over the new classes with an internal shared global, or something else?  

* A side effect of the current design is that SeedableEngine is just a marker interface; there's no actual standardized way to set the seed.  The examples imply that passing it as a constructor is the recommended way (and I agree it probably should be), but that's not explicit.  I'm also unclear then what value the marker interface is, then.  Does the randomizer do something different with a seedable engine?  I'm not against the current design, but its explanation/implications could be improved.

Looking forward to this passing in a few weeks!

--Larry Garfield