Newsgroups: php.internals
Date: Mon, 12 Oct 2015 20:29:45 -0400
From: fsb@thefsb.org (Tom Worster)
To: php-internals
Subject: Port random_bytes to PHP 5

Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5?
Error handling would have to change but that should be feasible. Iirc, earlier commits of random_bytes() had PHP 5-like behavior on error.

My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in paragonie/random_compat) if we could say to Windows users stuck with nothing else: "Upgrade to the latest point release of PHP 5.x. It has a proper fix."

Tom