Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72593
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 12367 invoked from network); 14 Feb 2014 12:26:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 Feb 2014 12:26:18 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.177 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.216.177 mail-qc0-f177.google.com  
Received: from [209.85.216.177] ([209.85.216.177:50755] helo=mail-qc0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C2/80-09381-96B0EF25 for <internals@lists.php.net>; Fri, 14 Feb 2014 07:26:17 -0500
Received: by mail-qc0-f177.google.com with SMTP id i8so19690144qcq.36
        for <internals@lists.php.net>; Fri, 14 Feb 2014 04:26:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=On7e7Xo/4RaWjGxj9kDSaLPL1jFWZkgSTf6xN9Pd5ig=;
        b=d0/K74weSO7EEf6styNtJrRnuIdycfQNTJ5+pUkIZVDh5iWRzNkR8lJLBBqjOC7MDT
         ROym3svTZMs+EnuyV0u7jHUYYWthQAmyhsbKUFX87MSALD/oFNE/EtVhJY6cD8i+cF5P
         62Z8/hyFm4UNGCpAP9an90jJYgEfu68qxCrUXdG4hidWOOKfKjUR7lcTpXmjqiXleQd/
         8AeM1fE1Q6HzsOn4q6Y9x/6t0mAz63N/FHvHdj20XVFh4uq1eDQykqxu4ZBPHX6vAltE
         y/B+TM12cTVS5G9ACH4s6p5niy4L0Jfn0o5SI4cdzzlhgqgBqALIV/OQKGu14Lo33unv
         CS2Q==
MIME-Version: 1.0
X-Received: by 10.224.104.8 with SMTP id m8mr12334671qao.87.1392380773592;
 Fri, 14 Feb 2014 04:26:13 -0800 (PST)
Received: by 10.140.18.145 with HTTP; Fri, 14 Feb 2014 04:26:13 -0800 (PST)
Received: by 10.140.18.145 with HTTP; Fri, 14 Feb 2014 04:26:13 -0800 (PST)
In-Reply-To: <CAPhkiZz91t5i+MxP8-P5zLtr9+1h3NyJfy2FO0PjhVZbG4LqBA@mail.gmail.com>
References: <CAPhkiZz91t5i+MxP8-P5zLtr9+1h3NyJfy2FO0PjhVZbG4LqBA@mail.gmail.com>
Date: Fri, 14 Feb 2014 13:26:13 +0100
Message-ID: <CAEZPtU72hXjKJ4VMhNa1pYi09vNgC6KkOmgk5Ld3+XWt_092EQ@mail.gmail.com>
To: Andrey Andreev <narf@devilix.net>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1132ec0066f5ca04f25ce9a8
Subject: Re: [PHP-DEV] unify entropy source for all php related functions
From: pierre.php@gmail.com (Pierre Joye)

--001a1132ec0066f5ca04f25ce9a8
Content-Type: text/plain; charset=UTF-8

On Feb 14, 2014 7:03 PM, "Andrey Andreev" <narf@devilix.net> wrote:
> ALL sources
> say that /dev/urandom is both widely used and considered safe for
> cryptography. Only a select few mention that it could be a bit weaker
> in specific cases, in theory.

No urandom (and similar) are not crypto safe. Totally not. They are however
good enough for most usages but crypto safe related tasks like key
generation and the likes. Any (good) paper mentions this.

Cheers,
Pierre

--001a1132ec0066f5ca04f25ce9a8--