Newsgroups: php.internals
Xref: news.php.net php.internals:118301
Subject: Re: [PHP-DEV] What do you think CSPRNG in PHP
From: Go Kudo <zeriyoshi@gmail.com>
To: Jakub Zelenka, PHP internals
Date: Mon, 25 Jul 2022 21:08:17 +0900

On Mon, Jul 25, 2022 at 20:32 Jakub Zelenka wrote:
>
> On Mon, Jul 25, 2022 at 12:14 PM Go Kudo wrote:
>
>> On Sun, Jul 17, 2022 at 6:33 Tim Düsterhus wrote:
>>
>> > Hi
>> >
>> > On 7/15/22 17:54, Go Kudo wrote:
>> > > However, there are several challenges to this.
>> > >
>> > > - Increased maintenance costs
>> > > - Requires optimization for CPU architecture
>> > > - Requires familiarity with CSPRNG
>> > >
>> > > PHP already bundles xxHash and appears ready to make this happen.
>> > >
>> > > Also, an appropriate CSPRNG implementation may be able to resolve the
>> > > current complex macro branching.
>> > >
>> > > What do you think about this?
>> >
>> > This would be a strong no from my side. There are all types of failure
>> > modes that decrease the security of the CSPRNG (i.e. making it insecure),
>> > and we really don't want to be the ones to blame if something goes
>> > wrong. And historically many non-kernel CSPRNGs later proved to be
>> > insecure in specific situations.
>> >
>> > I also would assume that for a typical PHP application all of the
>> > following are true:
>> > - The majority of the requests don't need any randomness.
>> > - The majority of the requests that *need* randomness don't need any
>> >   significant amount of randomness.
>> > - The majority of the requests that need significant amounts of
>> >   randomness are fine with a regular PRNG (e.g. Xoshiro or Pcg).
>> > - The cost of a few getrandom() syscalls is not really measurable
>> >   compared to the time spent waiting for the database, file IO or template
>> >   rendering.
>> >
>> > Attempting to optimize the speed of the CSPRNG is premature
>> > optimization. That is also the reason why I suggested using the 'Secure'
>> > engine by default in the Randomizer: it's a safe default choice for the
>> > vast majority of users.
>> >
>> > Personally I likely wouldn't have merged the PR in question for the same
>> > reasons. But at least in that case glibc is at fault :-)
>> >
>> > Best regards
>> > Tim Düsterhus
>> >
>>
>> Hi Tim.
>>
>> You are right. Implementing a CSPRNG on your own obviously increases
>> maintenance costs and security risks.
>>
>> However, I still think the overhead of the getrandom syscall in a Linux
>> environment is significant and should be considered.
>>
>
> There is already a good CSPRNG available in OpenSSL which we expose
> with openssl_random_pseudo_bytes (except on Windows, which is historical and
> should change), so for those that are impacted by the syscall overhead, this
> might be the best option, considering that most users are using at least
> OpenSSL version 1.1.1 where the new CSPRNG is available.
>
> Regards
>
> Jakub
>

Hi

(Sorry, I sent you directly)

Indeed. But ext-openssl is not always available. To use it in ext-session, etc., it must be bundled reliably.

Best Regards
Go Kudo
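The thread above argues about two things a practitioner can check directly: Tim's claim that a few getrandom() syscalls per request are not measurable against database or template time, and Jakub's suggestion of openssl_random_pseudo_bytes() as a userland alternative that Go Kudo notes is not always compiled in. The following script is an added example, not code from the thread or from php-src; it times random_bytes() (which php-src backs with getrandom(2) on Linux, falling back to /dev/urandom) against the OpenSSL DRBG when ext-openssl is loaded, and shows the availability check and strength check a caller needs before relying on the OpenSSL path. The helper names secure_bytes() and ns_per_call() and the iteration count are my own choices; the "1 ms database round trip" comparison is an illustrative figure, not a measurement.

```php
<?php
declare(strict_types=1);

// Added example (not from the php.internals thread). Compares the per-call
// cost of PHP's kernel-backed CSPRNG with the OpenSSL userland DRBG and
// demonstrates the runtime checks needed because ext-openssl is optional.

/**
 * Return $n cryptographically secure random bytes.
 *
 * The kernel-backed random_bytes() is the default. The OpenSSL DRBG is used
 * only when explicitly requested, actually loaded, and when OpenSSL reports
 * the output as cryptographically strong ($strong is an out-parameter that
 * openssl_random_pseudo_bytes() sets to false on weak output).
 */
function secure_bytes(int $n, bool $preferOpenssl = false): string
{
    if ($preferOpenssl && function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $out = openssl_random_pseudo_bytes($n, $strong);
        if ($strong && strlen($out) === $n) {
            return $out;
        }
        // Never silently accept weak output: fall through to the kernel CSPRNG.
    }
    // Throws (Random\RandomException on PHP 8.2+, Exception before) if the
    // kernel source is unavailable, so callers cannot get zero-filled buffers.
    return random_bytes($n);
}

/** Time $iterations invocations of $fn and return nanoseconds per call. */
function ns_per_call(callable $fn, int $iterations): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $iterations; $i++) {
        $fn();
    }
    return (hrtime(true) - $start) / $iterations;
}

$iterations = 100_000;  // chosen for a stable average; adjust for slow hosts
$size = 16;             // a session ID or CSRF token is typically 16-32 bytes

// Sanity checks on the wrapper before timing anything.
if (strlen(secure_bytes($size)) !== $size) {
    throw new RuntimeException('secure_bytes returned the wrong length');
}
if (secure_bytes($size) === secure_bytes($size)) {
    throw new RuntimeException('secure_bytes returned repeated output');
}

$kernel = ns_per_call(fn() => random_bytes($size), $iterations);
printf("random_bytes(%d):                %8.1f ns/call\n", $size, $kernel);

if (function_exists('openssl_random_pseudo_bytes')) {
    $ossl = ns_per_call(fn() => openssl_random_pseudo_bytes($size), $iterations);
    printf("openssl_random_pseudo_bytes(%d): %8.1f ns/call\n", $size, $ossl);
    printf("kernel/openssl ratio:             %8.2fx\n", $kernel / $ossl);
} else {
    echo "ext-openssl not loaded: only the kernel-backed CSPRNG is available,\n";
    echo "which is exactly why core code such as ext/session cannot depend on it.\n";
}

// Put the per-call number in request terms: assume three token-sized draws
// per request (assumed figure) and compare with a single ~1 ms DB round trip.
$perRequestMs = 3 * $kernel / 1e6;
printf("3 calls per request = %.4f ms (vs. ~1 ms for one fast DB round trip)\n",
       $perRequestMs);
```

Run it with `php csprng_bench.php` on a Linux host with and without `-d extension=openssl` to see both branches. The ratio line is the number under dispute in the thread; what the script does not change is the safety ordering: the kernel path is the default and the OpenSSL path is opt-in and verified, so a missing extension or a weak-result flag degrades to the kernel CSPRNG rather than to no randomness.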