Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:83740 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 39181 invoked from network); 25 Feb 2015 05:05:25 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Feb 2015 05:05:25 -0000 Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 66.111.4.25 cause and error) X-PHP-List-Original-Sender: larry@garfieldtech.com X-Host-Fingerprint: 66.111.4.25 out1-smtp.messagingengine.com Received: from [66.111.4.25] ([66.111.4.25:34731] helo=out1-smtp.messagingengine.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 47/01-32189-4185DE45 for ; Wed, 25 Feb 2015 00:05:25 -0500 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id B6F9C20BAE for ; Wed, 25 Feb 2015 00:05:21 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute5.internal (MEProxy); Wed, 25 Feb 2015 00:05:22 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:message-id:date:from :mime-version:to:subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=gRoo+nJChlRA9VlVGbk1Q0 2Exf4=; b=FCdn4BE7mtQxPkzwugbFBetz6lNkO355/ldm3mZTM/+Ic3IimvD9wh QgLdLmvoR8id2eDHA4CigvOMW+qlW0/lsgPraHFCClXcSdwA7whxi+/L8ayHd8YX VOe1wGH1GF62RtBkcRIiJYb4GfldzczB21lpmzCwzk2219gQ37T+A= X-Sasl-enc: 0AKpqdh9+ZmaViIVo+TdMCzaKUWKCZZKflrj4hehHYVR 1424840722 Received: from [192.168.42.145] (unknown [98.226.241.18]) by mail.messagingengine.com (Postfix) with ESMTPA id 37850C0029D for ; Wed, 25 Feb 2015 00:05:22 -0500 (EST) Message-ID: <54ED5811.10403@garfieldtech.com> Date: Tue, 24 Feb 2015 23:05:21 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: internals@lists.php.net References: In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG From: larry@garfieldtech.com (Larry Garfield) On 02/24/2015 07:41 PM, Yasuo Ohgaki wrote: > Hi Padraic, > > On Wed, Feb 25, 2015 at 7:54 AM, Pádraic Brady > wrote: > >> On 24 February 2015 at 22:08, Yasuo Ohgaki wrote: >>> Random bytes is better. People would use it for IV or like with the >>> size of IV. If we use string, users loose effective bits. >> Suggestion was for an additional function, so random_bytes() would >> still be there ;). > > random_string() sounds good to me, too! > It can be used system generated passwords, etc. I can see the use for random_string(), but what about character sets? Does it only generate random characters within ASCCI / low-UTF-8? Wouldn't someone in Novsibirsk want it to generate a random Cyrillic string? That said, I am +1 on the original proposal. It's in the similar vein as password_hash(): If users have to think, they'll screw up. Don't make them think. --Larry Garfield