Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72377 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 75031 invoked from network); 7 Feb 2014 11:42:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Feb 2014 11:42:49 -0000 Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.182 as permitted sender) X-PHP-List-Original-Sender: tjerk.meesters@gmail.com X-Host-Fingerprint: 209.85.220.182 mail-vc0-f182.google.com Received: from [209.85.220.182] ([209.85.220.182:41219] helo=mail-vc0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5F/86-34013-8B6C4F25 for ; Fri, 07 Feb 2014 06:42:49 -0500 Received: by mail-vc0-f182.google.com with SMTP id id10so2546486vcb.13 for ; Fri, 07 Feb 2014 03:42:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=06qHcAOAXBptJaxjqiY7rHue2hEfSCumYsRxPkLZY0Y=; b=QwmzEarDYkO3F8SlqmAwCS/ISiu2LN+GMJObX1KxWy/xGP6B3vMwmO0XRIltLy0hR0 //JKV1igsgJbpQP6iV1XxQES62gKVNxgF79bu2GrdnYUSvVT514Fi4LTjppJYeBpSxxl hoRwbr0VeTbxkc3aZSRMAGWURfu/geQdu9sG6HaPNDmhu7cC6PQPL+5+xWozd63B81Pu Qc/HI1vgWch5MsLafFP+mTwzxhEOmbnfNKwgBOTJuTQWKq6TBsXjwHDklq1pPr6xFqQO kx273+Ag4ZYdY46gHWEtVHxFTEkNzgbqEQSBMOIRt9p9DrSzOc343gtratkD8t9gE+h5 BafQ== MIME-Version: 1.0 X-Received: by 10.58.211.130 with SMTP id nc2mr9763522vec.7.1391773366262; Fri, 07 Feb 2014 03:42:46 -0800 (PST) Received: by 10.58.133.229 with HTTP; Fri, 7 Feb 2014 03:42:46 -0800 (PST) In-Reply-To: References: Date: Fri, 7 Feb 2014 19:42:46 +0800 Message-ID: To: Pierre Joye Cc: PHP internals Content-Type: multipart/alternative; boundary=047d7bea3a4e1aa4f904f1cf7da4 Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: tjerk.meesters@gmail.com (Tjerk Meesters) --047d7bea3a4e1aa4f904f1cf7da4 Content-Type: text/plain; charset=ISO-8859-1 On Fri, Feb 7, 2014 at 7:25 PM, Pierre Joye wrote: > hi, > > There are a lot of additions and discussions about entropy source and > (P)RNG lately. > > PHP already has a ini setting to define a strong entropy source for > the session module, which defaults to urandom or arandom. > > I would like to create two settings to unify the entropy source > accross php functions. That includes mcrypt, new password APIs, > session, LCG, etc. > > Something along this line: > > random.entropy_strong_source (/dev/(u|a)random etc.) > random.entropy_crypto_source (/dev/random etc.) > > I am not willing to propose new RNG functions or extensions for 5.6 as > we have way too little time to actually discuss its design and APIs. > However having these settings unified and documented would be a good > step forward already. > Here's a wild idea; assuming for a second that `rand()` is actually fed by a proper entropy source, are there BC implications if we did that? :) Alternatively, we would be looking at dedicated `random_` functions that provide a similar functionality and end up with an API such as: int random_integer($min, $max) string random_string($length, $crypto_safe) etc... > > Thoughts? > > Cheers, > -- > Pierre > > @pierrejoye | http://www.libgd.org > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > -- -- Tjerk --047d7bea3a4e1aa4f904f1cf7da4--