Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:79578 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 79556 invoked from network); 11 Dec 2014 19:44:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Dec 2014 19:44:59 -0000 Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 74.125.82.46 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 74.125.82.46 mail-wg0-f46.google.com Received: from [74.125.82.46] ([74.125.82.46:40612] helo=mail-wg0-f46.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 21/A2-58820-A34F9845 for ; Thu, 11 Dec 2014 14:44:59 -0500 Received: by mail-wg0-f46.google.com with SMTP id x13so7364657wgg.5 for ; Thu, 11 Dec 2014 11:44:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=tClairTkkCs8AChcjfaZntezaHOB+1+aSHAQUcwC7hY=; b=atvOblJOdROnOc0rLB9DKxzbgvvHpju8tnhi0rii86SIcU7QV8aMsXCAaEv+P4y7by T8NxaLyy3sU9uGDoSsNwEvI3HIfXv0cgPcntyseGp5bo/g41O4v+sbs79V/0IrTNOMJP muQGoMiit3524DKgMk8a1/s45HXz16KA0PkJOdYbIACWzM2fYlo5y708PJEQhP2o8QP2 HC4WFB3EWtMS/omBSdTkOs4lVHYGWz4UnwzAYdJ3OyuPLijesjpQif4yqYTThOfQndoe MLElWz1fvx8MxgubQGnDFsM/Rc3lJJ4kIWyVrlEZrkaYeOga5IP2WFWvbpVw9Pom0UYw JwtQ== MIME-Version: 1.0 X-Received: by 10.180.100.98 with SMTP id ex2mr1009163wib.58.1418327093810; Thu, 11 Dec 2014 11:44:53 -0800 (PST) Received: by 10.216.50.139 with HTTP; Thu, 11 Dec 2014 11:44:53 -0800 (PST) In-Reply-To: <5489BA91.30503@cubiclesoft.com> References: <5487E91D.6070602@fedoraproject.org> <648FEBB3-9D71-4AE3-BFDA-5ED268FC02A7@ajf.me> <5489BA91.30503@cubiclesoft.com> Date: Thu, 11 Dec 2014 19:44:53 +0000 Message-ID: To: Thomas Hruska Cc: PHP Development Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] libmcrypt: abandonware? From: leight@gmail.com (Leigh) On 11 December 2014 at 15:38, Thomas Hruska wrote: > > To date, there still isn't a way to access CryptGenRandom() from userland > without an extension. Access to that Windows function depends on an > extension to expose php_win32_get_random_bytes() to userland. > mcrypt_create_iv() and openssl_random_pseudo_bytes() are the two userland > functions that do that and mcrypt is compiled into the Windows builds by > default. There's nothing in core for getting entropy in userland on Windows > despite the fact that two extensions use a function already in the core. > > If mcrypt is removed and no suitable replacement function for > mcrypt_create_iv() is put in place on Windows, the user will be forced to > load a library that may not even get used. This is possible because > openssl_random_pseudo_bytes() does not actually depend on OpenSSL under > Windows as it calls the php_win32_get_random_bytes() function instead - but > the 1MB OpenSSL library will get loaded anyway. > > php_win32_get_random_bytes() should be consistently accessible on Windows > via an ext/standard userland function that gets random bytes of data. Other > than mcrypt_create_iv(), I don't care about the rest of mcrypt. > I actually think a generic random bytes function outside of any cryptographic extensions would be a good idea. Even mcrypt seems like overkill if all you want is random strings.