Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72382
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 83328 invoked from network); 7 Feb 2014 12:23:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Feb 2014 12:23:52 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.180 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.216.180 mail-qc0-f180.google.com  
Received: from [209.85.216.180] ([209.85.216.180:55229] helo=mail-qc0-f180.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 49/48-34013-750D4F25 for <internals@lists.php.net>; Fri, 07 Feb 2014 07:23:51 -0500
Received: by mail-qc0-f180.google.com with SMTP id i17so5602998qcy.25
        for <internals@lists.php.net>; Fri, 07 Feb 2014 04:23:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=TuhD5w/bcReJhQojCJxpLu+kL6ODoNJ0gQ6wymhKTqo=;
        b=BnoweSrf7Izwz/C/l8APkw3wluqsVZegU3n15ZL9plT0QGz6r2i8u622Q5PuRIBdrs
         zRaCkV9C/h+L3jalfFq8/4unPDX9gN/lQRZJdwqreydoiu8OCpOq4RZq6jIzEIp3vdeM
         DYEEIO/zcI9fHBxyMQtGXZAjuuPt1bgtNUTlPyp4vpExokcEsq1qYwPIOHDmdDZvFFZ9
         ylsW1WsP2rBeYy1dNArjBaCg9nbCPa9a2B3P+D1VI6gSPb+Afo/bT8ANZmT9fWLzyQUI
         AWr95Y8zwb4g159024jb0UrbkH8C7PUTsrLZCO6uJXvNKbzfEmf6P0ZmWwWhKU+NKcut
         kCSg==
MIME-Version: 1.0
X-Received: by 10.224.98.212 with SMTP id r20mr21628052qan.0.1391775828384;
 Fri, 07 Feb 2014 04:23:48 -0800 (PST)
Received: by 10.140.18.145 with HTTP; Fri, 7 Feb 2014 04:23:48 -0800 (PST)
In-Reply-To: <CAF+90c-uprFAk=JOfTRdur1vbTSNK2U8_AGUGzj1QgVixdJVHA@mail.gmail.com>
References: <CAEZPtU7NJYRrsMMnNZZZ2fi_XSvqG5J=85=kd9yO5c54zfDCSw@mail.gmail.com>
	<CAF+90c-uprFAk=JOfTRdur1vbTSNK2U8_AGUGzj1QgVixdJVHA@mail.gmail.com>
Date: Fri, 7 Feb 2014 13:23:48 +0100
Message-ID: <CAEZPtU5jOH_5D3RxSJtJabehuvy0=fUQMvwWZUv+ofirAXqtvA@mail.gmail.com>
To: Nikita Popov <nikita.ppv@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] unify entropy source for all php related functions
From: pierre.php@gmail.com (Pierre Joye)

On Fri, Feb 7, 2014 at 1:13 PM, Nikita Popov <nikita.ppv@gmail.com> wrote:

> I'm not sure I understand this proposal and/or its purpose. Different
> applications have different requirements on the strength of the random
> number generator. As such this is something that needs to be specified on
> every use, rather than a (global) ini setting.

Not for this exact feature.

Example:
session uses an entropy source, u or a random by default or a user
defined source
mcrypt uses them as well, depending on the argument
The new password API tries to open /dev/urandom (and only!) and fall
back to rand(), which is quite bad.

Basically, they all have the same need for this exact feature.

What I propose is to add two settings because there is two needs right
now (and for quite some time actually):

- strong
   good enough for password generation and the likes

- crypto safe
   key generations and other cryptography related operations (usually
blocking op too btw)


> If your proposal is to have different different "categories" of randomness
> (the names indicate "strong" and "crypto"), then I see little point in
> having inis for this, rather than letting PHP choose an appropriate source
> (from that category) that is available on the system. Also, if you want to
> introduce such categories, you should also clarify how they will be used
> with the individual functions. Does that mean mcrypt_create_iv will have
> additional MCRYPT_STRONG and MCRYPT_CRYPTO options that will then use the
> source specified by the respective inis? Will the same also be added to
> openssl_pseudo_random_bytes as a (third) parameter?


No, they know which to use. And they already do it internally, hard
coded. The only problem is that they all do their little receipts and
there is no way to actually tell them to use a specific source for a
specific need.


> I feel like these ini settings make things only more confusing. I'd much
> more appreciate the introduction of a function for generating random bytes
> in the standard library, that supersedes the individual extension functions.

It makes things more clear, as you will then know exactly which source
is used for what. It is impossible now and you cannot change or
configure them. Making impossible or harder than it should to anyone
to setup a custom entropy source (for shared hosting or apps needing
more entropy data).

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org