Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:57279 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 75593 invoked from network); 9 Jan 2012 01:56:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Jan 2012 01:56:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 207.97.245.183 as permitted sender) X-PHP-List-Original-Sender: fsb@thefsb.org X-Host-Fingerprint: 207.97.245.183 smtp183.iad.emailsrvr.com Linux 2.6 Received: from [207.97.245.183] ([207.97.245.183:54309] helo=smtp183.iad.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 42/B2-53883-F494A0F4 for ; Sun, 08 Jan 2012 20:56:31 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp38.relay.iad1a.emailsrvr.com (SMTP Server) with ESMTP id DC92A348237 for ; Sun, 8 Jan 2012 20:56:28 -0500 (EST) X-Virus-Scanned: OK Received: by smtp38.relay.iad1a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 93490348134 for ; Sun, 8 Jan 2012 20:56:28 -0500 (EST) User-Agent: Microsoft-MacOutlook/14.13.0.110805 Date: Sun, 08 Jan 2012 20:56:24 -0500 To: "internals@lists.php.net" Message-ID: Thread-Topic: [PHP-DEV] [RFC] Platform and extension-independent API to the system CSPRNG In-Reply-To: Mime-version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Subject: Re: [PHP-DEV] [RFC] Platform and extension-independent API to the system CSPRNG From: fsb@thefsb.org (Tom Worster) References: I have also set up a github repo with 4 files in it. It is a first hack of a function that does part of what I described in the RFC. It's based on the interface of openssl_random_pseudo_bytes() and the guts of mcrypt_create_iv(). It is provisionally named cs_random_bytes(). For now it builds and works at least this much: $ sapi/cli/php -r 'echo bin2hex(cs_random_bytes(8)) . PHP_EOL;' 4cd0965922470560 The hard work will be implementing the $is_strong_result flag in a platform independent way. You need to read the status of the entropy pool. The current code does that for Linux (maybe?). On FreeBSD you use sysctl(3) to read kern.random.sys.seeded. On OS X you ask securityd. Windows is actually easier. And what about other OSs? What is PHP normally tested on and would that be a suitable guide for cs_random_bytes()? In any case, I am no C programmer. I'm just a web dev. I don't even know how to ask if sysctl(3) is present. Tom On 1/8/12 7:42 PM, "Tom Worster" wrote: >I added the new RFC https://wiki.php.net/rfc/csrandombytes which is in its >first draft.