Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:68822 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 90350 invoked from network); 1 Sep 2013 22:01:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Sep 2013 22:01:22 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.53 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.215.53 mail-la0-f53.google.com Received: from [209.85.215.53] ([209.85.215.53:63877] helo=mail-la0-f53.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 71/77-55332-139B3225 for ; Sun, 01 Sep 2013 18:01:21 -0400 Received: by mail-la0-f53.google.com with SMTP id el20so2949755lab.26 for ; Sun, 01 Sep 2013 15:01:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=VEmU4fo1PIE0s4B2Y5xHY4bpkebFodfxmMvJkE/vB+8=; b=HxfC5QLV8w5rTIcQLrpcLFqsYQHOb8Q6MWjze+nMLLgvIlVv3k5aPP0z3QavO9NNkA QONNp+j0ODsFcmCPsQ12k32kEtA0EHVhNR94SPgSm9Tb3xaDcIL4QzDIP54mqjfCB5Xn GArOAMRBmNLgqazPFT3AwfEBmclM/kIYH3D4K92E+nSlZnG7TddvIDkKGbWETsNe9B7h 02ujbfPyzZIT4jXacTfNa1mZAmW38HaWvGs8ZSBWvYUeH62rNpFmoVpDaE6ojkbV/7oL 8j1SXjFu3msQktW2R6vLpEZBbcNOLerKixeH6S5dSlwR99v14cohiAlkqIflvOEyUcr7 w1OA== MIME-Version: 1.0 X-Received: by 10.152.26.72 with SMTP id j8mr18619232lag.19.1378072878246; Sun, 01 Sep 2013 15:01:18 -0700 (PDT) Received: by 10.112.148.138 with HTTP; Sun, 1 Sep 2013 15:01:18 -0700 (PDT) In-Reply-To: References: <521E64B6.30703@marc-bennewitz.de> <521F37E5.5040203@gmail.com> <5220F973.5000000@marc-bennewitz.de> <001701cea5e7$e872d030$b9587090$@org> Date: Mon, 2 Sep 2013 00:01:18 +0200 Message-ID: To: Jakub Zelenka Cc: "Bryan C. Geraghty" , Marc Bennewitz , PHP internals list Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: [PHP-DEV] More powerful (and backward compatible) API of random number generator functions From: pierre.php@gmail.com (Pierre Joye) On Sun, Sep 1, 2013 at 3:12 PM, Jakub Zelenka wrote: > The whole proposal is a bit confusing for me. The combination of PRNG > algorithm (MT) with libraries (libc, OpenSSL, GMP) that implements one or > more PRNG algorithms just doesn't make sense to me. It doesn't say anything > about the speed and crypto strength of the algorithms. I think that much > better solution would be an extension that implements a couple of > algorithms. Then you could select what algorithm you want to use. The good > idea would be to have some reasonable default algorithm that would be used > if the user doesn't know anything about algorithms. This could be > implemented as an extension and if it's good enough then it could be > proposed as the core addition. Except a few very well known algorithm (MT, SIMD MT and the likes) with well tested implementation, I would not even try to implement anything else on our own, even less for crypto safe algorithms. This is something really hard to implement and I know very little new algorithm or new implementations actually working as expected, and they were done by experts, not people like you and me :) Relying on well tested libraries or devices (harware like those avaiable in the new haswel serie, /dev/*random, etc.) is a much better approach and let us focus on the APIs we will provide in the userland side. Cheers, -- Pierre @pierrejoye | http://www.libgd.org