Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72379 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 78168 invoked from network); 7 Feb 2014 11:53:05 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Feb 2014 11:53:05 -0000 Authentication-Results: pb1.pair.com smtp.mail=padraic.brady@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=padraic.brady@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.51 as permitted sender) X-PHP-List-Original-Sender: padraic.brady@gmail.com X-Host-Fingerprint: 209.85.215.51 mail-la0-f51.google.com Received: from [209.85.215.51] ([209.85.215.51:34227] helo=mail-la0-f51.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 2A/37-34013-F19C4F25 for ; Fri, 07 Feb 2014 06:53:04 -0500 Received: by mail-la0-f51.google.com with SMTP id c6so2532927lan.38 for ; Fri, 07 Feb 2014 03:53:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=eLBZgO/MJKx/F+udpZkbbsDTdgk3/xjmuf4LlHrP/sY=; b=q/lvGl1uYL+TUrJ7wJYLymiM7Rx9gzBovzfLzDspUuRH7VYDohphf3qtXD89tzfGwe X5hMnVzbkYJZGWACDN50Pw7W9hZpzRzN8E9I0qb/siOZTAJIIYxlJ/UId7PWGATzdTyg SlMxmEL1MWMvc/wSyTTXZhF7VdF7lyR5QNf8pzRny1pGgqSro2qW0mcS3XUI0Gj6S+ON i0jmgcC/la7+9ik/AekKu5ReV0/eB7M6eXJ6jaR24o0jh6GkqLMmgErWOg4mOybQIVmE 1Pkv4F8xiBVTEIfRPXYfRRxZ/c2VyoA9JV0QCX425EqLumFvwvt/T8MIvngQOCj07kHa d6ag== MIME-Version: 1.0 X-Received: by 10.112.45.108 with SMTP id l12mr9282977lbm.21.1391773980976; Fri, 07 Feb 2014 03:53:00 -0800 (PST) Received: by 10.114.70.20 with HTTP; Fri, 7 Feb 2014 03:53:00 -0800 (PST) In-Reply-To: References: Date: Fri, 7 Feb 2014 11:53:00 +0000 Message-ID: To: Pierre Joye Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: padraic.brady@gmail.com (=?UTF-8?Q?P=C3=A1draic_Brady?=) Hi Pierre, On 7 February 2014 11:25, Pierre Joye wrote: > hi, > > There are a lot of additions and discussions about entropy source and > (P)RNG lately. > > PHP already has a ini setting to define a strong entropy source for > the session module, which defaults to urandom or arandom. > > I would like to create two settings to unify the entropy source > accross php functions. That includes mcrypt, new password APIs, > session, LCG, etc. > > Something along this line: > > random.entropy_strong_source (/dev/(u|a)random etc.) > random.entropy_crypto_source (/dev/random etc.) In principle, that makes a lot of sense. It beats wondering what each different function is using under the covers and may even simplify userland code a bit (and reduce some file checking if it can be relied upon). > I am not willing to propose new RNG functions or extensions for 5.6 as > we have way too little time to actually discuss its design and APIs. > However having these settings unified and documented would be a good > step forward already. I think the end goal should be unification with some generalised API. At the moment we have mt_rand(), lcg_value(), openssl_random_pseudo_bytes(), mcrypt_create_iv() and then the file read approaches. They all have uses, but they sit in different places and extensions and it=E2=80=99s not always clear what each is best at. I ag= ree that this would take a lot of time to work through. -- P=C3=A1draic Brady http://blog.astrumfutura.com http://www.survivethedeepend.com Zend Framework Community Review Team Zend Framework PHP-FIG Representative