Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:84951
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 2747 invoked from network); 15 Mar 2015 22:57:07 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Mar 2015 22:57:07 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.44 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.220.44 mail-pa0-f44.google.com  
Received: from [209.85.220.44] ([209.85.220.44:34883] helo=mail-pa0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id D1/D5-06614-F3E06055 for <internals@lists.php.net>; Sun, 15 Mar 2015 17:57:04 -0500
Received: by pabyw6 with SMTP id yw6so45916714pab.2
        for <internals@lists.php.net>; Sun, 15 Mar 2015 15:57:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=KyVu46ZCTv6zg1ZRkNvIjcyVMSusZGoB6/dfw4u3Ft0=;
        b=oMf005d+32JeN7E1Mx0+opBicUib9VD4k3Etvp7+hWBlIYC1bfz6kG8xjZ4ucVPtjV
         CSAGwOXwKBOJJrYGOV7HvExtbAWPUSaFdDumqov/QBe5cpVReV5dgHBt0oncwbWsqVir
         NcYwhWfZps4ED8pHUxSqhAfp59YdBMvg/rv+XVMVHNHizTXSsafLo7UXAsm5HuoTbFo+
         w13DDV8zyw4TDMReyhkwW0KN+y/K4MIh311Suf0MC6JR2FqpFxdHAqihHxxEJCfVyxry
         LoS8nuU9L5mZuFTAlGVnBVmiJf8OfOzKDKqnjSeN6pK29vAT7+sM+TbjB2YKZ2NQaPJQ
         KUPg==
X-Received: by 10.70.131.227 with SMTP id op3mr89806586pdb.12.1426460221306;
        Sun, 15 Mar 2015 15:57:01 -0700 (PDT)
Received: from Stas-Air.local ([24.32.31.168])
        by mx.google.com with ESMTPSA id fz15sm13899367pdb.54.2015.03.15.15.57.00
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Sun, 15 Mar 2015 15:57:00 -0700 (PDT)
Message-ID: <55060E3A.4040509@gmail.com>
Date: Sun, 15 Mar 2015 15:56:58 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Matteo Beccati <php@beccati.com>, Sammy Kaye Powers <me@sammyk.me>, 
 PHP Internals <internals@lists.php.net>
References: <CALYT1YrJrGAnjVFNQ5HHpYJmFnS4W9PH7XFU557Q=aHH0Jrb2A@mail.gmail.com> <55055F1D.2020200@beccati.com>
In-Reply-To: <55055F1D.2020200@beccati.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> I want to vote yes, but naming is something that scares me a bit.
> Without any indication that it's CSPRNG, people might start using it
> even when unnecessary, and I'd be worried about potential negative
> effects, such as exhausting the entropy pool. It's probably more of a

After reading http://www.2uo.de/myths-about-urandom/, I have hard time
seeing how "exhausting entropy pool" would be a real problem.I mean, if
running PRNG for "too long" is dangerous, wouldn't we already have much
more serious problem with encryption routines based on them which
basically do it all the time?  Maybe I don't understand the crypto
theory under this enough, in which case it may be interesting to read
something that explains how that happens and what is the actual problem
there.
-- 
Stas Malyshev
smalyshev@gmail.com