Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72386 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 97716 invoked from network); 7 Feb 2014 15:43:25 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Feb 2014 15:43:25 -0000 Authentication-Results: pb1.pair.com smtp.mail=padraic.brady@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=padraic.brady@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.174 as permitted sender) X-PHP-List-Original-Sender: padraic.brady@gmail.com X-Host-Fingerprint: 209.85.217.174 mail-lb0-f174.google.com Received: from [209.85.217.174] ([209.85.217.174:35539] helo=mail-lb0-f174.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5D/B0-28522-B1FF4F25 for ; Fri, 07 Feb 2014 10:43:23 -0500 Received: by mail-lb0-f174.google.com with SMTP id l4so2801982lbv.33 for ; Fri, 07 Feb 2014 07:43:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=SbjkA1p1w9onWy6daMdQ60lAS2EqiZDV57uENwgaMFA=; b=G7ajO8I5CRI+iP61G3VosH+Fex7O6JNm+/skdRnEIAuXjofFC3Dj/9mfjqnQC7W+0T WtS2usHq9uo0yd0irUihbBgdhCSXwG7nS3KSvDlaRRcJlj7aywDKp8gB4QFPIOHi/NrH IRN7jJWRolTfr1zpQAZvp4b3x2EcU1/xQyhMpSo59h1SV1i+rGXynuIEheL4ItmHJSyK ZZPTDTyZRte+W8oL+3EXOJ45LgoQytzu8F7abjGmAFRIU443ufiHAaE8CyRstq7Nr96L 3vQ3xYKIo+Hpqzu0jVZXiLEmlMAbFsilXF6eGqzOs0eaLCnsLhZU50KNYxAC8clEvW4B KzxQ== MIME-Version: 1.0 X-Received: by 10.153.9.97 with SMTP id dr1mr1984667lad.45.1391787800247; Fri, 07 Feb 2014 07:43:20 -0800 (PST) Received: by 10.114.70.20 with HTTP; Fri, 7 Feb 2014 07:43:20 -0800 (PST) In-Reply-To: References: Date: Fri, 7 Feb 2014 15:43:20 +0000 Message-ID: To: Nikita Popov Cc: Pierre Joye , PHP internals Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: padraic.brady@gmail.com (=?UTF-8?Q?P=C3=A1draic_Brady?=) Hi Nikita, On 7 February 2014 12:58, Nikita Popov wrote: > On Fri, Feb 7, 2014 at 12:25 PM, Pierre Joye wrote= : > >> hi, >> >> There are a lot of additions and discussions about entropy source and >> (P)RNG lately. >> >> PHP already has a ini setting to define a strong entropy source for >> the session module, which defaults to urandom or arandom. >> >> I would like to create two settings to unify the entropy source >> accross php functions. That includes mcrypt, new password APIs, >> session, LCG, etc. >> >> Something along this line: >> >> random.entropy_strong_source (/dev/(u|a)random etc.) >> random.entropy_crypto_source (/dev/random etc.) >> >> I am not willing to propose new RNG functions or extensions for 5.6 as >> we have way too little time to actually discuss its design and APIs. >> However having these settings unified and documented would be a good >> step forward already. >> > > To clarify what this proposal does (from otr discussion with Pierre): > > * openssl_pseudo_random_bytes - not changed > * mcrypt_create_iv($n, MCRYPT_DEV_RANDOM) - uses crypto_source instead o= f > /dev/random > * mcrypt_create_iv($n, MCRYPT_DEV_URANDOM) - uses strong_source instead = of > /dev/urandom > * mcrypt_create_iv($n, MCRYPT_RAND) - not changed > * password_hash() - uses strong_source > * session ID - uses strong_source > * lcg_value, rand, mt_rand - not changed > > Hope everything is correct :) > > Nikita Don't forget array_rand() and shuffle()... :P But yes, that would be the expected outcome as I understand it. Paddy -- P=C3=A1draic Brady http://blog.astrumfutura.com http://www.survivethedeepend.com Zend Framework Community Review Team Zend Framework PHP-FIG Representative