Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:88761 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 59142 invoked from network); 13 Oct 2015 02:53:16 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Oct 2015 02:53:16 -0000 Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 66.111.4.25 cause and error) X-PHP-List-Original-Sender: larry@garfieldtech.com X-Host-Fingerprint: 66.111.4.25 out1-smtp.messagingengine.com Received: from [66.111.4.25] ([66.111.4.25:60761] helo=out1-smtp.messagingengine.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 30/85-16518-5127C165 for ; Mon, 12 Oct 2015 22:53:10 -0400 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 7091F2027A for ; Mon, 12 Oct 2015 22:53:07 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute1.internal (MEProxy); Mon, 12 Oct 2015 22:53:07 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=xoVGegqQAWgf8EX 5MBzNhCguQV0=; b=ob+FrjpaORbuR5DAav+ikhHarZgJ/dsnghx+h65vSuWfPh7 m1cL7iu+RmiKsGSadyVgcS0ExqUEJbosJB/wDD+79rIGo/RZfuIXAR1R/DiONN/1 Ar/JC+GlwTe/tnp1dXcwrzbxfAa3bi/4DoB6zZAh0dbzMAO2g3TpNboNVpjs= X-Sasl-enc: rT9zITPtwZ3xgICeo5Tdxn6XMhC9ivTKon4QxngYygfg 1444704787 Received: from [192.168.42.5] (c-73-208-148-59.hsd1.il.comcast.net [73.208.148.59]) by mail.messagingengine.com (Postfix) with ESMTPA id 311DFC00021 for ; Mon, 12 Oct 2015 22:53:07 -0400 (EDT) To: internals@lists.php.net References: Message-ID: <561C7212.6080400@garfieldtech.com> Date: Mon, 12 Oct 2015 21:53:06 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Port random_bytes to PHP 5 From: larry@garfieldtech.com (Larry Garfield) On 10/12/2015 07:29 PM, Tom Worster wrote: > Could we regard random_bytes() as a security patch rather than a new > feature and therefore port it to PHP 5? > > Error handling would have to change but that should be feasible. Iirc, > earlier commits of random_bytes() had PHP 5-like behavior on error. > > My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in > paragonie/random_compat) if we could say to Windows users stuck with > nothing else: "Upgrade to the latest point release of PHP 5.x. It has a > proper fix." > > Tom Since there's no 5.7 release planned, you're talking about adding it in a 5.6.x? What's wrong with the random_compat library as a solution for 5.6 users? --Larry Garfield