Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72601 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 28583 invoked from network); 14 Feb 2014 15:09:37 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 14 Feb 2014 15:09:37 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.172 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.216.172 mail-qc0-f172.google.com Received: from [209.85.216.172] ([209.85.216.172:57329] helo=mail-qc0-f172.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 4A/73-09381-0B13EF25 for ; Fri, 14 Feb 2014 10:09:37 -0500 Received: by mail-qc0-f172.google.com with SMTP id c9so20036800qcz.17 for ; Fri, 14 Feb 2014 07:09:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eRTfkbsT+y0lkGa01s/CHJjcJXXIM/gZzov8ZyXMmVw=; b=uAr5WhrKiyqdpc6EUmuHNkpOk+J1GfCx3tAN1m23G92+qo3wOtrtBUATC0pcNyFSSa 0pytHhYLB9u61fiduHl6kWV+9RS3k2OXtLJRdE/3w4ChDKcwURXCY881n1SgVxjY4rlA GMWJT88qD8wwHJ+nenNTxC/hasdh5l9iezQn4nzwrxMWp9dRlVw2PPuzcW/kwWAEAb/I O+r+xRgvRcHgK7U5fpwK+WE2tgJr0zReqWbprwVjdXdMupHftNE95RjS9xc1cC1/jw9W nzgzjbyClS1Q+rcr4IObgkJM+ZHXGD43A2NgRw/hFZcRwahVGG01fgzV63m1gg72sVAf Pf+A== MIME-Version: 1.0 X-Received: by 10.224.98.212 with SMTP id r20mr14143249qan.0.1392390574038; Fri, 14 Feb 2014 07:09:34 -0800 (PST) Received: by 10.140.18.145 with HTTP; Fri, 14 Feb 2014 07:09:33 -0800 (PST) Received: by 10.140.18.145 with HTTP; Fri, 14 Feb 2014 07:09:33 -0800 (PST) In-Reply-To: References: Date: Fri, 14 Feb 2014 16:09:33 +0100 Message-ID: To: Jakub Zelenka Cc: PHP internals , Andrey Andreev Content-Type: multipart/alternative; boundary=089e0149d0d08de21a04f25f31db Subject: Re: [PHP-DEV] unify entropy source for all php related functions From: pierre.php@gmail.com (Pierre Joye) --089e0149d0d08de21a04f25f31db Content-Type: text/plain; charset=UTF-8 On Feb 14, 2014 9:19 PM, "Jakub Zelenka" wrote: > > On Fri, Feb 14, 2014 at 1:53 PM, Pierre Joye wrote: >> >> On Feb 14, 2014 8:02 PM, "Andrey Andreev" wrote: >> >> > So how does openssl_random_pseudo_bytes() work without blocking then? >> >> Because it tells you if the result is crypto safe or not: >> >> string *openssl_random_pseudo_bytes* (int $length [, bool &$crypto_strong] ) >> >> >> If you want only crypto safe result another function has to be used (on >> opennssl). > > > That's not the way how it works in md_rand. The ssleay_rand_pseudo_bytes (Rand_psedobytes called in openssl_random_pseudo_bytes) is just a wrapper for ssleay_rand_bytes with pseudo flag set to 1. ssleay_rand_bytes first calls Rand_poll that adds the entropy. The thing is that the entropy is taken from /dev/urandom on Unix. It means you will always have enough entropy on Linux and the functions returns 1 ($crypto_strong is set to true). You won't get false on Linux though. The reason of the flag in OpenSSL is if you run it in on some platform that can't provide enough entropy which is not the case on Linux. Please see the sources for more details. > I referred to the php function. You have to check this arg if you need crypto safe. > > Jakub > --089e0149d0d08de21a04f25f31db--