Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72599 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 24164 invoked from network); 14 Feb 2014 14:19:26 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 14 Feb 2014 14:19:26 -0000 Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.174 as permitted sender) X-PHP-List-Original-Sender: jakub.php@gmail.com X-Host-Fingerprint: 209.85.216.174 mail-qc0-f174.google.com Received: from [209.85.216.174] ([209.85.216.174:38239] helo=mail-qc0-f174.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7D/A2-09381-DE52EF25 for ; Fri, 14 Feb 2014 09:19:25 -0500 Received: by mail-qc0-f174.google.com with SMTP id x13so20183537qcv.33 for ; Fri, 14 Feb 2014 06:19:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=/JR9sRWvPeGMu0X2/5oMCxHfDYdSOWyPWH/rL2dAkCw=; b=vckZArFC0hg3mp7Gi5qxqaYZguHnvddZGPjOi3ZkbR+2gffF5oBoY0/R0Ex4NHv3o3 oHhlTz/mQw2kkDSVBQJKTs4hIbwPEFDHnTNDvsEH0kQ1be3SJKMI8UTm+susc3KIx6U9 09K8bNaOL2fSG1VqrfzG4d7C0HYkjwJjjaroYTMiMjpYDT/823JCjBXayhlBy+ISuxar K9Kyu3wbKXkoLwd/yZHPL0gbk1MF5bCnza2+cnEMzelkx8F3U4ioZfvahO7c7R3ZJPWt BQzR3XpL/noqdJX1PlVNn2WH5oLBOqRM/hf8pBBiPF/b4OZcwZiVE3euvkz7lxHD3HUX Ce8g== MIME-Version: 1.0 X-Received: by 10.224.160.83 with SMTP id m19mr13254426qax.21.1392387562260; Fri, 14 Feb 2014 06:19:22 -0800 (PST) Sender: jakub.php@gmail.com Received: by 10.224.68.68 with HTTP; Fri, 14 Feb 2014 06:19:22 -0800 (PST) In-Reply-To: References: Date: Fri, 14 Feb 2014 14:19:22 +0000 X-Google-Sender-Auth: K7WZHf1Q3pFTpxS8m_aAnern_Bk Message-ID: To: Pierre Joye Cc: Andrey Andreev , PHP internals Content-Type: multipart/alternative; boundary=047d7bacb2aa09e8c104f25e7e97 Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: bukka@php.net (Jakub Zelenka) --047d7bacb2aa09e8c104f25e7e97 Content-Type: text/plain; charset=ISO-8859-1 On Fri, Feb 14, 2014 at 1:53 PM, Pierre Joye wrote: > On Feb 14, 2014 8:02 PM, "Andrey Andreev" wrote: > > > So how does openssl_random_pseudo_bytes() work without blocking then? > > Because it tells you if the result is crypto safe or not: > > string *openssl_random_pseudo_bytes* (int $length [, bool &$crypto_strong] > ) > > If you want only crypto safe result another function has to be used (on > opennssl). > That's not the way how it works in md_rand. The ssleay_rand_pseudo_bytes (Rand_psedobytes called in openssl_random_pseudo_bytes) is just a wrapper for ssleay_rand_bytes with pseudo flag set to 1. ssleay_rand_bytes first calls Rand_poll that adds the entropy. The thing is that the entropy is taken from /dev/urandom on Unix. It means you will always have enough entropy on Linux and the functions returns 1 ($crypto_strong is set to true). You won't get false on Linux though. The reason of the flag in OpenSSL is if you run it in on some platform that can't provide enough entropy which is not the case on Linux. Please see the sources for more details. Thanks Jakub --047d7bacb2aa09e8c104f25e7e97--