Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:83709 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76620 invoked from network); 24 Feb 2015 22:34:10 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Feb 2015 22:34:10 -0000 Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.175 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.216.175 mail-qc0-f175.google.com Received: from [209.85.216.175] ([209.85.216.175:46219] helo=mail-qc0-f175.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DC/C9-24698-16CFCE45 for ; Tue, 24 Feb 2015 17:34:09 -0500 Received: by qcxr5 with SMTP id r5so19382791qcx.13 for ; Tue, 24 Feb 2015 14:34:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=a7Uik5GjNQs7BLsCrE/bAlfVtraZQhSnVYorN3SeCEw=; b=XykSaV2JtsWYi4hNeqR52vRjCCgf5QPnjLWSaj5g0a4UaxjK02CX78UuUWh1OeDer3 bfM1Px3skodL3WerYrk5D8lb5S/MztWEDbOV/N9wfAPvyOH+yWxC0GvjZSUaANfmAMKZ hVH/Ykg2Gak7h9gAm38WHzqX6xs5Cblj7OCgkoTTvxSJ+vw0cd8QUCx5nWLdkQSU1JAF 8JuLkVmjaLqTz/9FeIUOa9GLpW6duhTZb6xt0cx3aTWJ+eO31cU3yDPXnm2OX0OpcHoG wVdGsRpsx+iPMCmxPioNklA8PPx86LVDzMEjD3KWNmzeYjY6Ahqfo5pBL4rmocrCfQ4R 5tAg== MIME-Version: 1.0 X-Received: by 10.229.221.197 with SMTP id id5mr599464qcb.16.1424817246732; Tue, 24 Feb 2015 14:34:06 -0800 (PST) Received: by 10.96.39.195 with HTTP; Tue, 24 Feb 2015 14:34:06 -0800 (PST) In-Reply-To: References: Date: Tue, 24 Feb 2015 14:34:06 -0800 Message-ID: To: Leigh Cc: Anthony Ferrara , Sammy Kaye Powers , PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG From: pierre.php@gmail.com (Pierre Joye) On Tue, Feb 24, 2015 at 1:39 PM, Leigh wrote: > On 24 February 2015 at 20:54, Pierre Joye wrote: >> On Feb 24, 2015 12:04 PM, "Anthony Ferrara" wrote: >>> PERHAPS, it could be written in such a way that a PECL extension can >>> alter the RNG to accommodate that usecase. But I'd be wary of that and >>> core supporting userland RNGs. >> >> Yes, driver based. That brings some risk but worth exploring this >> possibility. > > We can make the function a pointer. That's not a problem. The problem > is when people assign their own function to this pointer :) > >> You actually reduce the data set, bytes level or higher, the randomness of >> the data is then restricted or limited and sequences may happen, worst case >> it could make it less hard (or easier) to predict. I have seen these cases >> in a couple of projects which rely heavily on entropy. > > If you need very high quality and high throughput entropy I can add > that to this patch. I left it out for now, because I didn't want this > to become over-complicated. If not having an fd-less crypto-quality > high throughput is a show stopper for you then let me know, we can fix > this. It is only about the amount of data. The trend to have bunch amount of apps running on the same physical host, it can exhaust the entropy quickly.