Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:120675
Return-Path: <kudo.go.1133@colopl.co.jp>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 33000 invoked from network); 26 Jun 2023 06:45:40 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 26 Jun 2023 06:45:40 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id EDCF41804B0
	for <internals@lists.php.net>; Sun, 25 Jun 2023 23:45:38 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <kudo.go.1133@colopl.co.jp>
Received: from mail-qv1-f45.google.com (mail-qv1-f45.google.com [209.85.219.45])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun, 25 Jun 2023 23:45:38 -0700 (PDT)
Received: by mail-qv1-f45.google.com with SMTP id 6a1803df08f44-635d9d6daabso9888576d6.0
        for <internals@lists.php.net>; Sun, 25 Jun 2023 23:45:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=colopl.co.jp; s=google; t=1687761937; x=1690353937;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :from:to:cc:subject:date:message-id:reply-to;
        bh=eVlXTUEcXX37kJOU4n3IAQAL5w8wHdgVp3gJfItcVf8=;
        b=RhB4HZ61yuuysWpl7EEsYvYNcvIcKyxMKWqMJf4NUq7NrSJD4AwVJZV4Z5GIEog6Bq
         hHuEKg6PjnjgluXLsFuAfmlu89M8fq1RsB7Pz/1SuW7TA686P5ZqNQAVSYhOjyQjtG4z
         7TsyWOPUi7F1xHgh7Pno9uJRldb6KNJWV0T6m0x4VKjapAPDQSGTJMf2aJrldrnkLt3U
         pzAdzebqCrwc597eTkJ+AqgMlqo/EptgpWSTmlTZp3XqCFsXvpuKAnePavrzhCNM06Zj
         dN5GFkf02FOIPmG9MlstVGe9bKZbe7N8qSaEkld46JgIjfb+8/pr6h9QTLR3ppdfN0WW
         FMeg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1687761937; x=1690353937;
        h=to:subject:message-id:date:from:in-reply-to:references:mime-version
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=eVlXTUEcXX37kJOU4n3IAQAL5w8wHdgVp3gJfItcVf8=;
        b=hVGOcptOpjHj6CkeQlEXTvPsAWP0Giqy1irE6j574TS4zxnRMmyr/1/jjr9wT5488g
         N0vEz6rBnVJQPP0ek88IssJ/Ta6/k8DW44e1qlYz8G7VAANLsNP+Olxlw+wYvdRqo2mi
         vvCP72JzZVTQ7rtF1gAH6KtiMSqfaVVoLYsmeqfPCEm7V6/ESpPnqMysGRxsYu7KeR42
         N1MJ6PRzoBxNecOVwZreVhdqp/Rl64VXlXRoUQMlgQjYMhasWQvA+Sxm3idmjrTO7KdB
         7VmIi3HfwaBsIf8V+Ca/eMQ/bIVpD0CXh3m5iKAZ6DJbDvk2nZtkSuEj2NO9r3o4pemm
         ojwQ==
X-Gm-Message-State: AC+VfDwDeL+KMZVebtnGlxBJsmlBEujs2sbhPLdg8D3sSOy3LlYxFW+0
	FWnNJnuV/DMRjPvFyjQ5eaJ66USEf18VteKu5nqEo/OB+0HJC+txOzLC
X-Google-Smtp-Source: ACHHUZ5qP40R7AhMhQ+ILUd5x+SaSc6VAE5BH0gMVCV+MgdKBuXgJVYv1YsWt2hU73ojan6CuSlv7cpgKJ+Lzfk1pfo=
X-Received: by 2002:a05:6214:2aa8:b0:634:9400:a29e with SMTP id
 js8-20020a0562142aa800b006349400a29emr8140107qvb.4.1687761936926; Sun, 25 Jun
 2023 23:45:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAH5C8xU7j-Qn9Vcry19Ug675CTj0sSjpMs-GPNYNHJJ7KsPwXg@mail.gmail.com>
 <6e42df4a-1331-4a88-bf67-2e4079a8b527@app.fastmail.com>
In-Reply-To: <6e42df4a-1331-4a88-bf67-2e4079a8b527@app.fastmail.com>
Date: Mon, 26 Jun 2023 15:45:26 +0900
Message-ID: <CAMs36He8DPb=VJKnwFOE9Yq68Uuf0_BDtB16xQ9G+ZwsgqQScw@mail.gmail.com>
To: internals@lists.php.net, "nikita.ppv@gmail.com" <nikita.ppv@gmail.com>, 
	=?UTF-8?Q?Tim_D=C3=BCsterhus?= <timwolla@bastelstu.be>
Content-Type: multipart/alternative; boundary="000000000000b7631105ff02b226"
Subject: Re: [PHP-DEV] [RFC] [Vote] PHP 8.3 deprecations
From: g-kudo@colopl.co.jp (Go Kudo)

--000000000000b7631105ff02b226
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

2023=E5=B9=B46=E6=9C=8824=E6=97=A5(=E5=9C=9F) 22:56 Nikita Popov <nikita.pp=
v@gmail.com>:

> On Thu, Jun 22, 2023, at 12:14, M=C3=A1t=C3=A9 Kocsis wrote:
> > Hi Everyone,
> >
> > As previously announced on the list, we have just started the vote abou=
t
> > the annual PHP deprecation RFC.
> >
> > Link to the RFC: https://wiki.php.net/rfc/deprecations_php_8_3
> > Link to the discussion thread: https://externals.io/message/120422
> >
> > The vote is open until 2023-07-06 12:00:00 UTC.
>
> I've voted No on the mt_rand() deprecation proposal. This is a high impac=
t
> deprecation without sufficient justification.
>
> I believe this proposal would have been much better served deprecating
> only the srand() and mt_srand() functions, as I previously suggested. Goi=
ng
> through the arguments against mt_rand() in the RFC:
> > They are not cryptographically secure.
>
> This is a feature, not a bug. Not everything needs or wants
> cryptographically secure random numbers. There's a reason we support both=
.
>
> > They are not properly reproducible, because the state could be changed
> unpredictably by any function call, e.g. when a library is updated and ad=
ds
> additional calls to `mt_rand <http://www.php.net/mt_rand>()`.
>
> This is addressed by deprecating mt_srand() only, making Randomizer the
> only way to get reproducible random number sequences, and relegating
> mt_rand() to only the cases where reproducibility is not required.
>
> > Any function calling `mt_srand <http://www.php.net/mt_srand>()` with a
> fixed seed for whatever reason, will ruin randomness for the remainder of
> the request.
>
> Deprecating (and removing) mt_srand() address this one trivially.
>
> > PHP's Mt19937 implementation only supports passing a single 32 bit
> integer as the initial seed. Thus there are only ~4 billion possible
> sequences of random integers generated by Mt19937. If a random seed is
> used, collisions are expected with 50% probability after roughly 2**16
> seeds (as per the birthday paradox). In other words: After roughly 80000
> requests without explicit seeding it is likely that a seed and thus a
> sequence is reused.
>
> Deprecating (and removing) allows us to address this as well, as we are n=
o
> longer bound to a specific PRNG algorithm or seeding procedure.
>
> > Both the quality of the returned randomness as well as the generation
> performance of Mt19937 is worse than that of the Xoshiro256StarStar and
> PcgOneseq128XslRr64 engines that are provided in the object-oriented API.
>
> Same as previous point: If we don't allow seeding we can change the
> algorithm however we like.
>
> > They are functions with overloaded signatures <
> https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures>,
> which are problematic for the reasons outlined in the =E2=80=9CDeprecate =
functions
> with overloaded signatures <
> https://wiki.php.net/rfc/deprecate_functions_with_overloaded_signatures>=
=E2=80=9D
> RFC.
>
> While this is technically true, the particular overload in question here
> is a very mild and unproblematic one. It only enforces that the function =
is
> called with zero or two arguments, forbidding one argument. It does not
> require accepting different combinations of argument types, or change the
> meaning of arguments, which is what makes overloads problematic.
>
>
> I think the only somewhat sound motivation for this deprecation is that
> programmers may use the non-cryptographic mt_rand() in a context where
> cryptographic numbers are required. This is a legitimate concern, but I
> don't think it's sufficient to deprecate such a widely used function.
>
> For the longest time, we only had mt_rand(), and no easy access to a
> CRPRNG. A lot of mt_rand() misuse dates back to that time. Since the
> introduction of random_int() and random_string(), getting cryptographic
> randomness is no harder than getting non-cryptographic randomness (easier=
,
> in the case of strings).
>
> Regards,
> Nikita


Hi.

Thank you for your valuable input. I would like to ask you a few questions.

I think you are right that deprecating `srand()` / `mt_srand()` achieves
the goal of making it unavailable for reproducible uses. But why keep the
function name `mt_rand()`?

It is certainly true that by prohibiting seeding, the PRNG algorithm can be
modified at will. But then the `mt` in `mt_rand()` would be out of touch
with reality. If this is done merely to maintain code compatibility, then
it is not a good idea to keep naming only for compatibility.

Also, `mt_rand()` has the problem of depending on the global state of the
PHP VM. This is very dangerous in forked use cases such as Swoole, where
implicitly seeded random numbers can return the exact same result in the
post-fork process. To avoid this, the sequence must be reseeded again after
the fork is executed. If only `srand()` / `mt_srand()` is deprecated, this
cannot be avoided.

The only way to completely solve this problem is to have no random number
states in the global area. For this reason, I think everything should be
deprecated. If you need pure random numbers without the need for
reproducibility, we already have `random_int()` available. This is the only
complete and safe way.

Most of all, while `mt_rand()` is deprecated, we can wait for PHP 9 to
actually remove it from the core. By that time, migration methods using
tools such as Rector will probably have become major. The purpose of the
deprecation is to avoid including it in new codebases that will be written
in the future.

I look forward to your reply.

Best Regards,
Go Kudo

--000000000000b7631105ff02b226--