Newsgroups: php.internals
Date: Thu, 26 Feb 2015 07:45:11 -0800
To: Stanislav Malyshev
Cc: Sammy Kaye Powers, Leigh, Tom Worster, php-internals
Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Reliable user-land CSPRNG
From: pierre.php@gmail.com (Pierre Joye)

On Thu, Feb 26, 2015 at 12:48 AM, Stanislav Malyshev wrote:
> Hi!
>
>> I'm cool with that idea but I also think it should be spelled out like
>> `random_crypto_*()` as Pierre suggests. I like `secure_random_bytes()` but
>> that's because it's what Ruby names their CSPRNG. :)
>
> The custom is that the first word names the function group (yes, I know
> old functions do not follow it, but this is a new one). Unless we're going
> to introduce a group of functions called secure_*, random_* is a natural
> choice. I would be careful with using words like "secure", "crypto" etc.
> in general because they may be easily misunderstood - something like
> random_bytes() would do as well I think.

I agree. It should (and it is the case in the RFC) start with random_.

As for "crypto", it is something different here, as it does match what it
actually does: it provides a crypto safe PRNG. And the term "crypto safe" is a
well defined term. Yes, many users confuse "good", "strong" and "crypto
safe", but this is a documentation and education issue and we should not
invent new wording for industry standards.

-- 
Pierre

@pierrejoye | http://www.libgd.org