Newsgroups: php.internals
Date: Sun, 8 Feb 2015 15:42:20 -0500
To: Tom Worster
Cc: Daniel Lowrey, internals@lists.php.net
Subject: Re: [PHP-DEV] Re: Security changes in PHP 7
From: rdlowrey@php.net (Daniel Lowrey)

On Sun, Feb 8, 2015 at 2:18 PM, Tom Worster wrote:
>
> On 2/8/15, 12:52 PM, "Daniel Lowrey" wrote:
>
> > On Sun, Feb 8, 2015 at 12:11 PM, Tom Worster wrote:
> >>
> >> Thanks Damien and Daniel for the info.
> >>
> >> I am not concerned about running out of entropy. I am concerned about
> >> userspace RNGs such as OpenSSL
> >> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/
> >
> > Just to be clear (as Damien also mentioned): openssl is not a userspace
> > RNG.
>
> OpenSSL has an RNG that is not in the kernel memory space. Software that is
> in memory but not in the kernel space is in the user space.

You're right, my mistake. I don't claim to be a crypto expert in any sense
of the word -- I simply implement APIs that real crypto experts create.

I don't believe it makes any sense for us to implement this in php-src
directly. If you haven't compiled openssl with a different RNG engine it's
going to default to use RAND_SSLeay(). The explanation here explains the
logic involved:

https://www.openssl.org/docs/crypto/rand.html#internals

Dr. Henson is far smarter than I am; I'll take his word for it. The only
outstanding issue noted in the linked discussion is "An initial source of
random 'state'" which, as you can see by reading the subsequent RAND_add()
documentation, is transparently retrieved from /dev/urandom for us:

> On systems that provide /dev/urandom, the randomness device is used to
> seed the PRNG transparently. However, on all other systems, the
> application is responsible for seeding the PRNG by calling RAND_add()

If you're in Windows this is handled by a different API. And if not, I tend
to trust the openssl PRNG since it pulls its initial random state from
/dev/urandom.

I honestly don't see the problem here. I'm happy to be wrong if someone
says, "no, we should come up with a different way to do this," and can
provide logic to back that up. Personally, I have no reason to believe the
openssl implementation is inadequate. We could add the ability to pass in
your own initialization data but the only good option there is pulling it
from `fread()` on /dev/urandom anyway ... a somewhat pointless exercise as
openssl already does this.
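As an added example (not code from this thread or from php-src), the following userland PHP function applies the message's position for code that predates PHP 7's built-in random_bytes(): use OpenSSL's PRNG, which seeds itself from /dev/urandom, and otherwise read /dev/urandom with fread() directly. The function name secure_random_bytes() is hypothetical; the two checks a practitioner tends to skip are OpenSSL's strong-result flag and fread()'s short reads.

```php
<?php
// Added example, not from the thread or from php-src. Mirrors the trust order
// argued for in the message: OpenSSL's RNG first, the kernel device second.
function secure_random_bytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer');
    }

    // 1. OpenSSL's PRNG. The by-reference second argument reports whether a
    //    cryptographically strong generator was used; it must be checked,
    //    because a false value means the bytes are unsuitable for keys/tokens.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($strong === true && is_string($bytes) && strlen($bytes) === $length) {
            return $bytes;
        }
    }

    // 2. The randomness device itself (Unix only; the message notes Windows
    //    goes through a different API). fread() may legitimately return fewer
    //    bytes than requested, so accumulate until the buffer is full.
    if (DIRECTORY_SEPARATOR === '/' && is_readable('/dev/urandom')) {
        $fp = fopen('/dev/urandom', 'rb');
        if ($fp !== false) {
            stream_set_read_buffer($fp, 0); // do not read ahead on the device
            $bytes = '';
            while (strlen($bytes) < $length) {
                $chunk = fread($fp, $length - strlen($bytes));
                if ($chunk === false || $chunk === '') {
                    break; // device error or EOF: treat as failure below
                }
                $bytes .= $chunk;
            }
            fclose($fp);
            if (strlen($bytes) === $length) {
                return $bytes;
            }
        }
    }

    // No acceptable source: fail loudly rather than fall back to rand()/mt_rand().
    throw new RuntimeException('No cryptographically secure random source available');
}

// Usage: 32 bytes of secret material, hex-encoded for use as a token.
$token = bin2hex(secure_random_bytes(32));
```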