Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72595 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 16196 invoked from network); 14 Feb 2014 13:02:24 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 14 Feb 2014 13:02:24 -0000 Authentication-Results: pb1.pair.com smtp.mail=narf@devilix.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=narf@devilix.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain devilix.net designates 209.85.213.46 as permitted sender) X-PHP-List-Original-Sender: narf@devilix.net X-Host-Fingerprint: 209.85.213.46 mail-yh0-f46.google.com Received: from [209.85.213.46] ([209.85.213.46:56331] helo=mail-yh0-f46.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 9B/31-09381-FD31EF25 for ; Fri, 14 Feb 2014 08:02:23 -0500 Received: by mail-yh0-f46.google.com with SMTP id v1so11519572yhn.19 for ; Fri, 14 Feb 2014 05:02:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devilix.net; s=google; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=NpijhLoLTfHg8UMeNcXVuZqwi8/dAL+OWgLnaC802KQ=; b=ZcM7NU822TlpnZuldkAGdtG5BnK18s8BsdYq2D+GiDuCtaA5h1lNVy0/ai7EaoVutQ nmS91VmLZpEo8Bztxpu2Y1p1PEb4PGucnt+L/r604yw+ABN56v9lNifaDlUIXVpQu5T9 qrX6XtzXV2T93mdaW2pjOniUIho8JB6wh2+rQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=NpijhLoLTfHg8UMeNcXVuZqwi8/dAL+OWgLnaC802KQ=; b=PWxHR51ALnjmLorCEw4tSgWLvLbWiAjUiurVOmeHt3Lwg/+7IvIJq95H7MY2ZMjPXN yNjKH1Em7dqZ7Xt0GWcbZtyfnm93AL7/K/ZE67IkA6YGZkpCzvSQJWZSDU1CX3OyfLe9 z0DtUUL5536zVVgG4ABHytFuREKIfpYIanvkbzwi7fxwZ462VQoxK9ZKr5qh25nLXcHB N99F+rVZLe1EfsS5kaAXJh/fzg5vpdDuDVYlYdmSqNTDdqhHK1Me/cdJxEb/wsIGD0CR cX+BfFiN7T2lMBHPqUQE8i2IJ/TNZb0NkQZH0maoIHg61mpSw+SVbfCdWsilfHVWd6tm G8UQ== X-Gm-Message-State: ALoCoQnV+7Yhw6ojY1gdyQPhgCHu5kEoc5M25FdGpRfTFsbinZLN2HHlUiyZNQ74rjNj9DhVkOw+ MIME-Version: 1.0 X-Received: by 10.236.134.48 with SMTP id r36mr30591yhi.133.1392382940419; Fri, 14 Feb 2014 05:02:20 -0800 (PST) Received: by 10.170.49.147 with HTTP; Fri, 14 Feb 2014 05:02:20 -0800 (PST) In-Reply-To: References: Date: Fri, 14 Feb 2014 15:02:20 +0200 Message-ID: To: Pierre Joye Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: narf@devilix.net (Andrey Andreev) On Fri, Feb 14, 2014 at 2:26 PM, Pierre Joye wrote: > > On Feb 14, 2014 7:03 PM, "Andrey Andreev" wrote: >> ALL sources >> say that /dev/urandom is both widely used and considered safe for >> cryptography. Only a select few mention that it could be a bit weaker >> in specific cases, in theory. > > No urandom (and similar) are not crypto safe. Totally not. They are however > good enough for most usages but crypto safe related tasks like key > generation and the likes. Any (good) paper mentions this. > > Cheers, > Pierre So how does openssl_random_pseudo_bytes() work without blocking then? $ cat test.php