Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:83819 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 26107 invoked from network); 25 Feb 2015 20:02:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Feb 2015 20:02:18 -0000 Authentication-Results: pb1.pair.com header.from=padraic.brady@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=padraic.brady@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.54 as permitted sender) X-PHP-List-Original-Sender: padraic.brady@gmail.com X-Host-Fingerprint: 209.85.213.54 mail-yh0-f54.google.com Received: from [209.85.213.54] ([209.85.213.54:38088] helo=mail-yh0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id CB/32-12216-94A2EE45 for ; Wed, 25 Feb 2015 15:02:17 -0500 Received: by yhzz6 with SMTP id z6so2166021yhz.5 for ; Wed, 25 Feb 2015 12:02:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=lcL5vfLBfKnwgi4Jesyrr6b+4qOjy44aMztQVYxnon8=; b=Hyhsvq7RiCf32rvbhI1OC2eMMPzpWRuRNgNIzyxd65BzP1JNCDV5tkeRaZjy80siSj ZNH8oMqW83UKfqi9obLrjfWq3pjTf2P0sIgcABbCnEMGYfCuWNzi1ELufSjp/zsBqCri 1x33zqRufowJY/CDJ55G1PcTWMHScGu6Ht3Uh0wLiX04EYpe2wJKl3sAGhRdbda6Zr1o 46r4ssu2sr2JAlxvFR22oY4Zhd2BLFlTOqNaTLy0KHgihG12mE0uXk7znUeQ2GDL4dx4 cA33OzIRvTKp5CopGVCyQxTLRNQMCr6ikISs/VptgNLM8bTv/HM+S9BplZRgBXGuvRRN QxTg== MIME-Version: 1.0 X-Received: by 10.236.227.198 with SMTP id d66mr4560720yhq.147.1424894535253; Wed, 25 Feb 2015 12:02:15 -0800 (PST) Received: by 10.170.222.86 with HTTP; Wed, 25 Feb 2015 12:02:15 -0800 (PST) In-Reply-To: <54ED5811.10403@garfieldtech.com> References: <54ED5811.10403@garfieldtech.com> Date: Wed, 25 Feb 2015 20:02:15 +0000 Message-ID: To: Larry Garfield Cc: "internals@lists.php.net" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG From: padraic.brady@gmail.com (=?UTF-8?Q?P=C3=A1draic_Brady?=) Hi Larry, I think we'd be biting off too much to be worth chewing for other character sets. Most uses are going to revolve around characters allowed in URLs. Expanding that, to a degree, perhaps per a additional character list, or character list flag, might not be too far, but things will get interesting once you start requiring whole custom character lists with multibyte chars thrown in. Of course, random_string(LOTS_OF_FLAGS) might not be all that helpful once you get enough variations involved to require a page of explanatory text to cover them. Paddy On 25 February 2015 at 05:05, Larry Garfield wrote= : > I can see the use for random_string(), but what about character sets? Do= es > it only generate random characters within ASCCI / low-UTF-8? Wouldn't > someone in Novsibirsk want it to generate a random Cyrillic string? > > That said, I am +1 on the original proposal. It's in the similar vein as > password_hash(): If users have to think, they'll screw up. Don't make the= m > think. > > --Larry Garfield -- P=C3=A1draic Brady http://blog.astrumfutura.com http://www.survivethedeepend.com