Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:83703
Return-Path: <ircmaxell@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65991 invoked from network); 24 Feb 2015 21:50:53 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Feb 2015 21:50:53 -0000
Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.217.176 as permitted sender)
X-PHP-List-Original-Sender: ircmaxell@gmail.com
X-Host-Fingerprint: 209.85.217.176 mail-lb0-f176.google.com  
Received: from [209.85.217.176] ([209.85.217.176:35442] helo=mail-lb0-f176.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id EE/A7-24698-B32FCE45 for <internals@lists.php.net>; Tue, 24 Feb 2015 16:50:52 -0500
Received: by lbjb6 with SMTP id b6so28097931lbj.2
        for <internals@lists.php.net>; Tue, 24 Feb 2015 13:50:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=DxJ92rTkOl+1PFjcKIj+pCE34B2vid7BtRyeKLp3L8U=;
        b=XTLDnvzW+jg2kb3smOnb6MnftDatSlrUk23ZwAwfUygrMAh+/wVbVIBge2+flJ9A6c
         31xiU/mSRNG6O02tiUuSss0eO65yCkP9eOF71GbCdJQ63ACx4HP+mNFZoZQdISangGhV
         W4k/ADcOPC+oGGY0EeXbYRKiFnuA8wC4oq8OdklQiNjk7Sdg2ONy6kCCC40J26OrjX9z
         c6SklnPjYpoMOCjJPNgv3JgIRszS3vZeS8obKBlDqWxlIBb6GNQU2PoNr506gUGP17hE
         OmgA5cRt3RAIqzEWJDcI9fwzOQu7D5qPasVvRV9L0Wz8T1A+uuT0a/+e2gCmneNrx8UX
         HLNw==
MIME-Version: 1.0
X-Received: by 10.112.170.72 with SMTP id ak8mr15479873lbc.95.1424814648328;
 Tue, 24 Feb 2015 13:50:48 -0800 (PST)
Received: by 10.25.43.9 with HTTP; Tue, 24 Feb 2015 13:50:48 -0800 (PST)
In-Reply-To: <CALwr1G=u_7+-RS2m55Ouir_Tjw86d34Lk3OjkOJYFDSs0_qU9g@mail.gmail.com>
References: <CALYT1YrHA=E13eqzKnLSPSATdxRy_201yVDp-cdPurQeSkBhrQ@mail.gmail.com>
	<CAEZPtU6ZZ1MuoRvZooBgRmxQQ4p5jGFmUoVURwLfgVWhTqpkUg@mail.gmail.com>
	<CAPwsocH6HHVFYAycO-ZFnTKJzW1J8nuRS-x115ttY=wP0eukAg@mail.gmail.com>
	<CAEZPtU5EQO07tPSazwHbpqF38PdUMNyZhAQoiZ+ejvhnFDcKsg@mail.gmail.com>
	<CAAyV7nHE_Y-H-m5sgZTM=q-MKDXg0ycitTN+--0bPBQcSd8T2g@mail.gmail.com>
	<CALwr1G=BqkNrcxmG8DxRoHPo-US_eY=CrBVY7jeY_0Ekzao02g@mail.gmail.com>
	<CAAyV7nF8YGzDVTccWUSowVzD0=p1eF7e3NLC=zRO0CXiD8nc=w@mail.gmail.com>
	<CALwr1G=u_7+-RS2m55Ouir_Tjw86d34Lk3OjkOJYFDSs0_qU9g@mail.gmail.com>
Date: Tue, 24 Feb 2015 16:50:48 -0500
Message-ID: <CAAyV7nEFoNYTc0XnbLh7NYFzg0AnFO6zKLtgw-x04U48Z==kbQ@mail.gmail.com>
To: =?UTF-8?Q?P=C3=A1draic_Brady?= <padraic.brady@gmail.com>
Cc: Pierre Joye <pierre.php@gmail.com>, Leigh <leight@gmail.com>, 
	Sammy Kaye Powers <me@sammyk.me>, PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG
From: ircmaxell@gmail.com (Anthony Ferrara)

Padraic,

>>> Technically, it will be harder than uniqid() if producing strictly
>>> random bytes (if output needs to be printable/readable).
>>> That's not a "bad" thing obviously!
>>
>> Sure. But does that indicate the need for a "random_string()" function?
>
> It would be more random than a stream of 0-9 integer characters, and
> probably useful compared to base64'ing a byte stream. I'm afraid to go
> survey how its done in the wild right now. Possibly?

I've done it two ways:

Bitmasks:
https://github.com/ircmaxell/RandomLib/blob/master/lib/RandomLib/Generator.php#L228

String of characters:
https://github.com/ircmaxell/random_compat/blob/master/lib/random.php#L147

I think the latter is the easiest, especially if we define constants
with "normal" char lists: "ALPHA", "ALPHA_NUMERIC", "BASE64", etc and
default to "ALPHA_NUMERIC"...

Tho I am sure there are other ways out there.

Anthony