Newsgroups: php.internals
Xref: news.php.net php.internals:118304
Date: Mon, 25 Jul 2022 19:26:55 +0200
To: Go Kudo, PHP internals
Subject: Re: [PHP-DEV] What do you think CSPRNG in PHP
From: tim@bastelstu.be
(Tim Düsterhus)

Hi

On 7/25/22 13:14, Go Kudo wrote:
> However, I still think the overhead of the getrandom syscall in a Linux
> environment is significant and should be considered.

I disagree. On my Intel(R) Core(TM) i5-2430M with Ubuntu 20.04 with Linux 5.4.0-123-generic I can call random_bytes(16) (128 bits of randomness, which is sufficient for ~everything) 100000 times in ~140ms:

> I would suggest deprecating mt_srand()/srand() and using php_random_bytes()
> in sessions etc. for PHP 8.3 for better security.

Syscalling getrandom() a few times to seed a PRNG or to generate a session ID is not going to have a measurable effect. As I said in my previous email: "The cost of a few getrandom() syscalls is not really measurable compared to the time spent waiting for the database, file IO or template rendering."

> I think this is a safe implementation due to the nature of CSPRNG, what do
> you think?

I'm pretty sure the implementation is unsafe when the process calls fork(), which might happen with https://www.php.net/manual/en/function.pcntl-fork.php.

The *only thing* I trust with actually generating proper cryptographically secure randomness is the kernel. Non-kernel implementations have proven to be insecure over and over again.

Best regards
Tim Düsterhus
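The fork() failure mode Tim points at, and the cost of asking the kernel instead, shown as an added example that is not code from this thread or from php-src. It uses Python rather than PHP so it can run anywhere: `random.Random` (MT19937, the same generator family as PHP's mt_rand()) stands in for a process-local generator seeded once at startup, and `os.urandom()` (getrandom(2) on Linux) stands in for `random_bytes()`. Parent and child each draw 16 bytes after the fork; the process-local generator hands both sides the identical "random" value because fork duplicates its state, while the kernel CSPRNG does not, since its state never lives in the forked address space. The timing helper is only there to let you reproduce the "100000 calls" measurement on your own machine; its result depends on the hardware and is not the figure quoted above.

```python
"""Fork-safety of a userland PRNG versus the kernel CSPRNG (added example)."""
import os
import random
import time

N_BYTES = 16  # 128 bits, the size discussed in the thread


def fork_and_draw(draw):
    """Fork, let parent and child each call draw() once, return (parent, child).

    The child sends its bytes back over a pipe and leaves via os._exit(), so
    it never returns into the caller's code.
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child process
        os.close(rfd)
        value = draw()
        with os.fdopen(wfd, "wb") as w:
            w.write(value)
        os._exit(0)
    os.close(wfd)
    with os.fdopen(rfd, "rb") as r:
        child_value = r.read()  # returns once the child closes its end
    os.waitpid(pid, 0)
    parent_value = draw()
    return parent_value, child_value


def userland_prng_collides(seed=0xC0FFEE):
    """Generator seeded once before the fork: both sides emit the same bytes.

    The seed is a constructed constant; any fixed or startup-time seed shows
    the same behaviour, because fork copies the generator's state verbatim.
    """
    rng = random.Random(seed)
    rng.getrandbits(64)  # advance past the seed so the output is not the seed itself
    draw = lambda: rng.getrandbits(8 * N_BYTES).to_bytes(N_BYTES, "big")
    parent, child = fork_and_draw(draw)
    return parent == child


def kernel_csprng_collides():
    """Kernel CSPRNG: its state is not part of the process image, so the
    parent and child draws are independent."""
    parent, child = fork_and_draw(lambda: os.urandom(N_BYTES))
    return parent == child


def time_kernel_draws(n=100_000):
    """Seconds for n calls of os.urandom(N_BYTES); hardware-dependent."""
    start = time.perf_counter()
    for _ in range(n):
        os.urandom(N_BYTES)
    return time.perf_counter() - start


if __name__ == "__main__":
    print("userland PRNG, parent == child after fork:", userland_prng_collides())
    print("kernel CSPRNG, parent == child after fork:", kernel_csprng_collides())
    print(f"100000 x os.urandom(16): {time_kernel_draws():.3f}s")
```

Run it on Linux or any other platform with fork(). The first line prints True: a session-ID or token generator built this way would hand the same value to every worker forked after seeding, exactly the kind of failure a process-local CSPRNG invites. The second prints False, and the third gives a local figure to compare against the ~140ms claimed above.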