Newsgroups: php.internals
Xref: news.php.net php.internals:84817
Message-ID: <55055F1D.2020200@beccati.com>
Date: Sun, 15 Mar 2015 11:29:49 +0100
From: php@beccati.com (Matteo Beccati)
To: Sammy Kaye Powers, PHP Internals
Subject: Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

On 15/03/2015 04:23, Sammy Kaye Powers wrote:
> A two-week discussion period has been held for the reliable user-land
> CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now been
> moved into voting.
>
> https://wiki.php.net/rfc/easy_userland_csprng
>
> There was some discussion of prefixing the function names with `crypto_*()`
> but there are a few reasons we decided against this:
>
> 1) There is a crypto pecl extension, so the pseudo-namespace might cause
> confusion.
> 2) We want to work on a fully featured crypto framework for 7.1, and
> crypto_* is a good prefix for that, so again, we don't want to mix things
> up.

Disclaimer: I do know a little about security, but I am not a crypto expert
by any means. If I'm saying something silly, just let me know ;)

I want to vote yes, but naming is something that scares me a bit. Without
any indication that it's a CSPRNG, people might start using it even when
unnecessary, and I'd be worried about potential negative effects, such as
exhausting the entropy pool.

It's probably more of a documentation problem, but we know many won't read
the docs and a "hint" in the function name could help guide users.

For example, it would be overkill to use random_int() to randomly pick the
content of a box at each reload of a web page, but if what I need is a
*random int*, then random_int() seems a far better choice than some obscure
rand() or mt_rand().

Or in the poker deck example, wouldn't it be enough just to seed mt_srand
with a crypto-secure number to remove the biasing and use mt_rand to
shuffle the deck?

Cheers
--
Matteo Beccati
Development & Consulting - http://www.beccati.com/
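As an added example, not code from the RFC or from anyone in this thread, here is the poker-deck case written against the random_int() the RFC proposes, next to the modulo reduction of mt_rand() that is one common source of shuffle bias; the function names and the deck layout are this example's own, and it assumes PHP 7.0 or later.

```php
<?php
// Added example, not part of the RFC or this thread. Requires PHP 7.0+
// for random_int() and intdiv(). buildDeck, secureShuffle, biasedIndex
// and remainderCounts are names chosen for this example.

function buildDeck(): array
{
    $deck = [];
    foreach (['C', 'D', 'H', 'S'] as $suit) {
        foreach (['A', '2', '3', '4', '5', '6', '7', '8', '9', 'T', 'J', 'Q', 'K'] as $rank) {
            $deck[] = $rank . $suit;
        }
    }
    return $deck; // 52 cards
}

// Fisher-Yates shuffle: every ordering is equally likely as long as each
// index is drawn uniformly. random_int() is documented to return a uniformly
// distributed value in [$min, $max] from the OS CSPRNG, so no bias is added.
function secureShuffle(array $items): array
{
    for ($i = count($items) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        list($items[$i], $items[$j]) = [$items[$j], $items[$i]];
    }
    return $items;
}

// The pattern that introduces bias: mt_rand() yields 2^31 equally likely
// values (0..mt_getrandmax()), and 2^31 is not a multiple of most deck sizes,
// so low remainders come up slightly more often than high ones. Seeding
// mt_srand() with a secret value does not change that: the bias lives in
// the reduction step, not in the seed.
function biasedIndex(int $max): int
{
    return mt_rand() % ($max + 1);
}

// Exact count of how often each remainder appears when a uniform value in
// [0, $range) is reduced modulo $n; the first ($range % $n) buckets get one
// extra hit. For $range = 2^31 and $n = 3, 2^31 mod 3 = 2.
function remainderCounts(int $range, int $n): array
{
    $counts = array_fill(0, $n, intdiv($range, $n));
    for ($r = 0; $r < $range % $n; $r++) {
        $counts[$r]++;
    }
    return $counts;
}

print_r(secureShuffle(buildDeck()));
print_r(remainderCounts(2 ** 31, 3));
```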