Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118300
Return-Path: <jakub.php@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 68949 invoked from network); 25 Jul 2022 09:35:06 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 25 Jul 2022 09:35:06 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id DC59B180506
	for <internals@lists.php.net>; Mon, 25 Jul 2022 04:32:51 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,
	FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,
	HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <jakub.php@gmail.com>
Received: from mail-ej1-f50.google.com (mail-ej1-f50.google.com [209.85.218.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 25 Jul 2022 04:32:51 -0700 (PDT)
Received: by mail-ej1-f50.google.com with SMTP id ez10so19887502ejc.13
        for <internals@lists.php.net>; Mon, 25 Jul 2022 04:32:51 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=0JqDeq6CcmoiklT2Ppyc7wdCakWz/SVEy/ShkHdCvzM=;
        b=QdxyausEYgSVlWMiOg2Yej7m/c25aT94il968fHwW6jWYfdFnBoP7+HHHRzTNZ/wWO
         ompaB0kkETCvQEMYhmR7eXehhkkMrrKnDXtceg3G+NA4t7nXbyJColOE2V9mLMiUzpEk
         DeBg2ACBP2OawyZBXJrJlnDx03eFYZ52jCfLXPSxdVMIN0oZ44hnu9YK0caQUjAMqRA+
         z7IW7AzysaeZwzk0x6zbgTdDHpI7dH1DWMvUtkUPKuf6TD2OV9AcQJZ/gJrY7UpMkFFa
         aSlTwNFHIxwmdNi0Dp5FlHBRcStdoqCZVGSJSQNMfYhmNsbjjdVuEzBngLmDmGVmwFc5
         aRKg==
X-Gm-Message-State: AJIora9LjRJx9jxTwN197veuWK9cqxEaBu65c7fzTacAyn1/nuURLJq3
	pFFoMdiLbS7aieMiF9Uktn0L+20jEIjG2r9LUWg=
X-Google-Smtp-Source: AGRyM1uUnhs4/iVKox/FBeZApcPpT63D+a9jw8prSRzjOX1QwSQqhVzVbSGyMcyU19Y1LNwhs6r1ZFY97HluIVMemIA=
X-Received: by 2002:a17:906:7482:b0:722:edf9:e72f with SMTP id
 e2-20020a170906748200b00722edf9e72fmr9535458ejl.92.1658748770289; Mon, 25 Jul
 2022 04:32:50 -0700 (PDT)
MIME-Version: 1.0
References: <CABTDVhC4J8WuKj4SdVK6hbZX2k7qrPDVCQ2g1Yb_4k4Hf5MEQQ@mail.gmail.com>
 <aa395f78-aebe-d52c-a419-aa0effeb64df@bastelstu.be> <CABTDVhDC6K37N6E_wJxzyrqSX2RsPL-OryW6BOOApUD2W_e94Q@mail.gmail.com>
In-Reply-To: <CABTDVhDC6K37N6E_wJxzyrqSX2RsPL-OryW6BOOApUD2W_e94Q@mail.gmail.com>
Date: Mon, 25 Jul 2022 12:32:39 +0100
Message-ID: <CAEKnhAF4XsF6y98roSGtCmFn7K+cak2hXDYsbk8KVuqXXEwtOQ@mail.gmail.com>
To: Go Kudo <zeriyoshi@gmail.com>
Cc: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000398e2d05e49f8b5e"
Subject: Re: [PHP-DEV] What do you think CSPRNG in PHP
From: bukka@php.net (Jakub Zelenka)

--000000000000398e2d05e49f8b5e
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 25, 2022 at 12:14 PM Go Kudo <zeriyoshi@gmail.com> wrote:

> 2022=E5=B9=B47=E6=9C=8817=E6=97=A5(=E6=97=A5) 6:33 Tim D=C3=BCsterhus <ti=
m@bastelstu.be>:
>
> > Hi
> >
> > On 7/15/22 17:54, Go Kudo wrote:
> > > However, there are several challenges to this.
> > >
> > > - Increased maintenance costs
> > > - Requires optimization for CPU architecture
> > > - Requires familiarity with CSPRNG
> > >
> > > PHP already bundles xxHash and appears ready to make this happen.
> > >
> > > Also, an appropriate CSPRNG implementation may be able to resolve the
> > > current complex macro branching.
> > >
> > > What do you think about this?
> >
> > This would be a strong no from my side. There's all types of failure
> > modes that decrease the security of the CSPRNG (i.e. making it insecure=
)
> > and we really don't want to be the ones to blame if something goes
> > wrong. And historically many non-kernel CSPRNGs later proved to be
> > insecure in specific situations.
> >
> > I also would assume that for a typical PHP application both of the
> > following is true:
> > - The majority of the requests don't need any randomness.
> > - The majority of the requests that *need* randomness don't need any
> > significant amount of randomness.
> > - The majority of the requests that need significant amounts of
> > randomness are fine with a regular PRNG (e.g. Xoshiro or Pcg).
> > - The cost of a few getrandom() syscalls is not really measurable
> > compared to the time spent waiting for the database, file IO or templat=
e
> > rendering.
> >
> > Attempting to optimize the speed of the CSPRNG is premature
> > optimization. That also the reason why I suggested to use the 'Secure'
> > engine by default in the Randomizer: It's a safe default choice for the
> > vast majority of users.
> >
> > Personally I likely wouldn't have merged the PR in question for the sam=
e
> > reasons. But at least in that case glibc is at fault :-)
> >
> > Best regards
> > Tim D=C3=BCsterhus
> >
>
> Hi Tim.
>
> You are right. Implementing a CSPRNG on your own obviously increases
> maintenance costs and security risks.
>
> However, I still think the overhead of the getrandom syscall in a Linux
> environment is significant and should be considered.
>

There is already a good CSPRNG available in OpenSSL which we expose
with openssl_random_pseudo_bytes (except on Windows which is historical and
should change) so for those that are impacted by the syscall overhead, this
might be the best option considering that most users are using at least
OpenSSL version 1.1.1 where the new CSPRNG is available.

Regards

Jakub

--000000000000398e2d05e49f8b5e--