Newsgroups: php.internals
Date: Tue, 14 Jul 2015 16:04:55 -0500
To: PHP Internals
Subject: Core functions throwing exceptions in PHP7
From: me@sammyk.me (Sammy Kaye Powers)

Hello lovely PHP nerds,

There are two open PRs for PHP7 to modify the behavior of the CSPRNGs:

https://github.com/php/php-src/pull/1397 (main discussion)
https://github.com/php/php-src/pull/1398

Currently the random_*() functions will issue a warning and return false if a good source of random cannot be found. This is a potential security hole in the event the RNG fails and returns false, which gets evaluated as 0 in a cryptographic context.

To prevent this exploit, the proposed behavior will throw an Exception when the RNG fails or certain argument validation fails. This also gives the developer a graceful way to fall back to an alternate CSPRNG.

Since the core functions in PHP don't throw Exceptions, there is debate on whether or not this change should be implemented. Some say the CSPRNGs should get a special pass since they will be relied on for cryptography. If we can't throw Exceptions, there were suggestions of raising a fatal error if the RNG fails.

I think the argument can be boiled down to consistency vs security. We'd love to hear your feedback to decide what we should do in this context. :)

Thanks,
Sammy Kaye Powers
sammyk.me
Chicago, IL 60604
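
The failure mode described in the message above, as an added example that is not part of the original post or of php-src. `failing_random_int()` and `throwing_random_int()` are hypothetical stand-ins that simulate an RNG failure under the current and the proposed behavior, and the reset-code functions are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the behavior the post calls "current":
// on RNG failure, issue a warning and return false.
function failing_random_int(int $min, int $max)
{
    trigger_error('no suitable random source (simulated)', E_USER_WARNING);
    return false;
}

// Hypothetical stand-in for the proposed behavior: throw on RNG failure.
function throwing_random_int(int $min, int $max): int
{
    throw new \Exception('no suitable random source (simulated)');
}

// Fail-open caller: the return value is never compared against false.
// %d formats false as 0, so every reset code issued while the RNG is
// failing is the same predictable string.
function reset_code_unchecked(callable $rng): string
{
    return sprintf('%06d', $rng(0, 999999));
}

// Fail-closed caller: an exception cannot be silently coerced to 0.
// Either fall back to another CSPRNG here or, as in this sketch,
// refuse to issue a code at all.
function reset_code_checked(callable $rng)
{
    try {
        return sprintf('%06d', $rng(0, 999999));
    } catch (\Exception $e) {
        error_log('CSPRNG failure, no code issued: ' . $e->getMessage());
        return null;
    }
}

// Simulated failure, warn-and-return-false style: a code is still issued.
var_dump(reset_code_unchecked('failing_random_int'));

// Simulated failure, exception style: no code is issued.
var_dump(reset_code_checked('throwing_random_int'));

// Normal operation with PHP 7's random_int(): a six-digit code.
var_dump(reset_code_checked('random_int'));
```

The first call is the case the post warns about: the warning goes to the log, while the caller receives a well-formed but constant code.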