Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118265 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 43408 invoked from network); 15 Jul 2022 13:59:48 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 15 Jul 2022 13:59:48 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 5723E1804B1 for ; Fri, 15 Jul 2022 08:55:04 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_40,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-ed1-f43.google.com (mail-ed1-f43.google.com [209.85.208.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 15 Jul 2022 08:55:03 -0700 (PDT) Received: by mail-ed1-f43.google.com with SMTP id eq6so6828341edb.6 for ; Fri, 15 Jul 2022 08:55:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:from:date:message-id:subject:to; bh=fSduW8Qal1uDjmGDzwNfu+srjPBhgaYM5X/BiT81XKI=; b=MRQDZT9KxO23fHCQn2dcjtU393YtWJVh+NCnqR1O1lWJu0VDyEA5WJoYrS+saWc0GQ LsvSTpy8VNvQoR11p44UImgezhbOOH9XHj0aYjK+IR+U6lTOrYEOAraquQiyMrjy8BV9 w9yXW2k/NmHL0LsGw3NSEi6qg1zPGkjMsZD+HrWG3wDiB9aAier+2kq8IoMAr96u4IuN Nhm6xLysGW2A/MYrKVPzeEr3uShBCdupiFTP2u0KhKoEzgi04DqizgayRydH7Q8y47Ui EjQ2pNap3BOKDijGkXfvMKLpRgkVNiiuGP7229l/S41vYP1YLqZVLTJ9GARHYzlD5UYs 18Pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=fSduW8Qal1uDjmGDzwNfu+srjPBhgaYM5X/BiT81XKI=; b=J+/OzF8tcwXCd5qqvCtuaFAsdF/7PuZzAMG8KEUzdwUsm5h6EqQWr/k9CsdLxAQYuU bh4HwpgVvccx6oCMbsB9CSE8j8zfuyxf5DbqR4vpZPqHUEZBahEGBf+YZzxoFs3GLj9S 6kup4inSizP9sb+SlEWsywXr25voy3IuZdnHjUE40BreMZpJB6FSErmKMYpVADNJntYO HqdpniornNmrdIZSyC5nY8G4RQtSmVjg3S32cYse4sPR9eYo0CMmEmOMNucFBf+A2PXp 0sXlRX3PSOuaEv0XJR/FHxMi3TgVJFWzoH9ZdbWIA1eLc2vXw+c9vOK7kvBGAXe5g8C0 OoAA== X-Gm-Message-State: AJIora93wkRD9/peZ7UKpEo4tiP+eNctkcVZqZzMhB7KGHkNvikvYaLJ epsZkk9ucEpF1tq//xWkdjbYwm6/aPksZCp7DalAQoXgqoQ= X-Google-Smtp-Source: AGRyM1vc8B1gkYz+MFB3HM4rkfpGQUiGp24+3hqGRMAvvalmUTLdQUPi1W1gZcmnMaMFzkLznz8IzAAAPIsf7iTeX4M= X-Received: by 2002:a05:6402:304d:b0:43a:9d08:9613 with SMTP id bs13-20020a056402304d00b0043a9d089613mr19273677edb.289.1657900502539; Fri, 15 Jul 2022 08:55:02 -0700 (PDT) MIME-Version: 1.0 Date: Sat, 16 Jul 2022 00:54:51 +0900 Message-ID: To: PHP internals Content-Type: multipart/alternative; boundary="00000000000086e21b05e3da0a02" Subject: What do you think CSPRNG in PHP From: zeriyoshi@gmail.com (Go Kudo) --00000000000086e21b05e3da0a02 Content-Type: text/plain; charset="UTF-8" Hi Internals. Random Extension is accepted and being implemented in PHP 8.2. Many thanks for the review. The changes to enable arc4random in glibc were recently merged. https://github.com/php/php-src/pull/8984 This has the effect of reducing the number of getrandom system calls issued on Linux, which is effective in improving performance. However, this will only work in environments that use GNU libc, and will not work on Linuxes that use other libc (e.g. Alpine Linux that uses musl). As we discussed a bit above in PR (which is inherently a bad thing, because it's not a good thing), the following is an example of a "good" PR campaign Apologies), if we could implement CSPRNG on PHP, for example, it would improve performance on all platforms. However, there are several challenges to this. - Increased maintenance costs - Requires optimization for CPU architecture - Requires familiarity with CSPRNG PHP already bundles xxHash and appears ready to make this happen. Also, an appropriate CSPRNG implementation may be able to resolve the current complex macro branching. What do you think about this? Regards Go Kudo --00000000000086e21b05e3da0a02--