Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72630
Return-Path: <jakub.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 62349 invoked from network); 15 Feb 2014 12:50:38 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Feb 2014 12:50:38 -0000
Authentication-Results: pb1.pair.com smtp.mail=jakub.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=jakub.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.174 as permitted sender)
X-PHP-List-Original-Sender: jakub.php@gmail.com
X-Host-Fingerprint: 209.85.216.174 mail-qc0-f174.google.com  
Received: from [209.85.216.174] ([209.85.216.174:51409] helo=mail-qc0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 77/A2-45929-B926FF25 for <internals@lists.php.net>; Sat, 15 Feb 2014 07:50:35 -0500
Received: by mail-qc0-f174.google.com with SMTP id x13so21248280qcv.19
        for <internals@lists.php.net>; Sat, 15 Feb 2014 04:50:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:date:message-id:subject
         :from:to:cc:content-type;
        bh=9NLsTK0PoQEMMLWzSnW9fYpxC7xKN76qiYsHiqXh2Go=;
        b=wHpJNkFtDDbASJ7imX81/Z3IUmqlm23btd1518fqQUAmc/ktMfG7e2sjXfLmB//w77
         UI+NeoZC4Zl7FluWH+Z4QUfPADHRzkMyJ7Uwa6LdbmmKJj/dJnxB3RHutnMzh5F/gyCA
         K76xsuHDbXRGCfzfRbClqyQXiSd7O22OTp8IG63IAMOCuqEa3laP0Zz2Sk/OOnpJwI8H
         tgQDEfK1cPBLJEDuo7WVRpPxNUVww9e9Kcnzld/AuH//uLcPzq9jJblIlKMmBmbKXESI
         aQH24UaYAIuJn+RSxSzh4IE5VG1gtxDKcX9k+ugGNK02KbQITRV1Tj4xys+Ev/4Cks5C
         BYIg==
MIME-Version: 1.0
X-Received: by 10.140.101.104 with SMTP id t95mr668892qge.106.1392468632688;
 Sat, 15 Feb 2014 04:50:32 -0800 (PST)
Sender: jakub.php@gmail.com
Received: by 10.224.68.68 with HTTP; Sat, 15 Feb 2014 04:50:32 -0800 (PST)
In-Reply-To: <CALwr1GkDq8QuHswGcmc6o3ihVqmA0_Wq8S-eOpwvCmSGL6KSRg@mail.gmail.com>
References: <CAPhkiZz91t5i+MxP8-P5zLtr9+1h3NyJfy2FO0PjhVZbG4LqBA@mail.gmail.com>
	<CAEZPtU72hXjKJ4VMhNa1pYi09vNgC6KkOmgk5Ld3+XWt_092EQ@mail.gmail.com>
	<CAPhkiZynD5JF15PrWN1Bxv=UEdkPm+RrGOnpp3oAQiSjbBY3+Q@mail.gmail.com>
	<CAEZPtU7UnOg_Q1A-4+v7kfaW0-3cUFpO6Le91GDRki4y3xSnxg@mail.gmail.com>
	<CAEKnhAGZ0VY5H0nKvzCoK2Rx-ORkkbFE1WFEZr=VkzTWvXXGfQ@mail.gmail.com>
	<CAPhkiZxTFU-bxyX4QeAO7cnTdEua+M2BSn2dTQ48kxga+VOALw@mail.gmail.com>
	<CAEKnhAErZ_K3=vPvGEcDBMtT4f_rnawgAu4D=CCeedgp9OqaHw@mail.gmail.com>
	<CALwr1GkDq8QuHswGcmc6o3ihVqmA0_Wq8S-eOpwvCmSGL6KSRg@mail.gmail.com>
Date: Sat, 15 Feb 2014 12:50:32 +0000
X-Google-Sender-Auth: NTouDLllxk8KjVo94xTV0hqlQAw
Message-ID: <CAEKnhAEHWLaj9=k2ZG=+kSCFWbwvb+iDjb5QXgaGebpaE+UPmQ@mail.gmail.com>
To: =?ISO-8859-1?Q?P=E1draic_Brady?= <padraic.brady@gmail.com>
Cc: Andrey Andreev <narf@devilix.net>, Pierre Joye <pierre.php@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11c16f5e365d2604f2715eff
Subject: Re: [PHP-DEV] unify entropy source for all php related functions
From: bukka@php.net (Jakub Zelenka)

--001a11c16f5e365d2604f2715eff
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Sat, Feb 15, 2014 at 11:59 AM, P=E1draic Brady <padraic.brady@gmail.com>=
wrote:

> Hi,
>
> On 14 February 2014 15:30, Jakub Zelenka <bukka@php.net> wrote:
> > It uses /dev/urandom for seeding PRNG. It means that it reads only 32
> bytes
> > (256 bits) from it. If you call openssl_random_pseudo_bytes you will ge=
t
> > bytes generated by PRNG
> >
> >
> >>  - $crypto_strong will always be true on Linux (UNIX-whatever)
> >>
> >
> > Yes. The reason is that /dev/urandom is non-blocking and you will alway=
s
> > get enough entropy from it. You don't have to check the flag on Linux
> > because it will be always true!
> >
> > The point is that OpenSSL considers /dev/urandom strong enough for
> seeding
> > CSPRNG.
> >
> > Jakub
>
> There are the three categories:
>
> 1. Non-Cryptographically Deterministic PRNG
> 2. Entropy Input PRNG
> 3. Cryptographically Secure PRNG
>
> OpenSSL is the second. /dev/urandom is also the second. /dev/random is
> the third (after a warmup period!). Something like rand() would be in
> the first under the assumption that time is predictable.
>
> Those are the technical categories anyway... In reality, you can use a
> non-CSPRNG for cryptographic needs over the short term. If you can't,
> it means the damn thing is broken ;). If you have something like a
> long term or high value cryptographic product, you wont want to stint
> on entropy and you won't want to run afoul of any future issue with
> the entropy collection or mixing, and you're probably not going to
> even use a machine remotely susceptible in inactivity (which may limit
> the entropy sources).
>
> Be careful of taking claims at face value where definitions are in doubt.
>
> Paddy
>
>
>
Thanks for the explanation. It makes sense.

I thought that they considers the PRNG as Cryptographically Secure because
the documentation states that it produces cryptographically strong
pseudo-random bytes

http://www.openssl.org/docs/crypto/RAND_bytes.html

(RAND_bytes is equal to RAND_pseudo_bytes on Linux)

Jakub

--001a11c16f5e365d2604f2715eff--