Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:40693
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain macvicar.net from 193.227.246.108 cause and error)
References: <B4142BDF-7319-4AB4-8274-376FAEE822CC@macvicar.net> <48DC09CB.4010606@suse.de>
Message-ID: <4678351D-D03F-469E-ADB9-D6ABC75DC633@macvicar.net>
To: =?utf-8?Q?Cristian_Rodr=C3=ADguez?= <crrodriguez@suse.de>
In-Reply-To: <48DC09CB.4010606@suse.de>
Content-Type: text/plain;
	charset=utf-8;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (iPhone Mail 5F136)
Date: Thu, 25 Sep 2008 23:16:02 +0100
Cc: PHP Developers Mailing List <internals@lists.php.net>
X-Spam_Report: Spam detection software, running on the system "lovelace.midden.org.uk", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or label
	similar future email.  If you have any questions, see
	the administrator of that system for details.
	Content preview:  On 25 Sep 2008, at 22:59, Cristian Rodríguez <crrodriguez@suse.de>
	wrote: > Scott MacVicar escribió: >> Hi All, >> >> Attached and uploaded
	[1] is a patch to add the OpenSSL random pseudo >> byte function, at the
	moment it will return FALSE if the bytes aren't >> considered cryptographically
	strong, I am however considering making >> this parameter controlled. >>
	>> Any objections to me applying this to 5.3? >> >> Scott >> -- >> [1] - http://whisky.macvicar.net/patches/openssl_prg.patch.txt
	>> >> > > What is the status of this ? I see nothing that can break with
	this > patch, but I would suggest the function to take the second argument
	by > value instead of by reference, valid code like > > <?php > > $activation_code
	= md5(openssl_random_pseudo_bytes(128, true)); > > ?> > > causes a Fatal
	error: Only variables can be passed by [...] 
	Content analysis details:   (-4.4 points, 5.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	-1.8 ALL_TRUSTED            Passed through trusted hosts only via SMTP
	-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
	[score: 0.0000]
Subject: Re: [PHP-DEV] OpenSSL random pseudo bytes
From: scott@macvicar.net (Scott MacVicar)



On 25 Sep 2008, at 22:59, Cristian Rodr=C3=ADguez <crrodriguez@suse.de> =20=

wrote:

> Scott MacVicar escribi=C3=B3:
>> Hi All,
>>
>> Attached and uploaded [1] is a patch to add the OpenSSL random pseudo
>> byte function, at the moment it will return FALSE if the bytes aren't
>> considered cryptographically strong, I am however considering making
>> this parameter controlled.
>>
>> Any objections to me applying this to 5.3?
>>
>> Scott
>> --=20
>> [1] - http://whisky.macvicar.net/patches/openssl_prg.patch.txt
>>
>>
>
> What is the status of this ? I see nothing that can break with this
> patch, but I would suggest the function to take the second argument by
> value instead of by reference, valid code like
>
> <?php
>
> $activation_code =3D md5(openssl_random_pseudo_bytes(128, true));
>
> ?>
>
> causes a Fatal error: Only variables can be passed by

The second parameter indicates if the resultant data was strong random =20=

data. It's not an option.

By default it is strong, if it runs out of data it will be weak.

If you don't care don't pass a parameter.

Scott=