Newsgroups: php.internals
From: fsb@thefsb.org (Tom Worster)
To: Larry Garfield, PHP Internals
Date: Tue, 13 Oct 2015 10:17:10 -0400
Message-ID: <561D1266.60101@thefsb.org>
In-Reply-To: <561C7212.6080400@garfieldtech.com>
Subject: Re: [PHP-DEV] Port random_bytes to PHP 5

On 10/12/15 10:53 PM, Larry Garfield wrote:
> On 10/12/2015 07:29 PM, Tom Worster wrote:
>> Could we regard random_bytes() as a security patch rather than a new
>> feature and therefore port it to PHP 5?
>>
>> Error handling would have to change but that should be feasible. Iirc,
>> earlier commits of random_bytes() had PHP 5-like behavior on error.
>>
>> My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in
>> paragonie/random_compat) if we could say to Windows users stuck with
>> nothing else: "Upgrade to the latest point release of PHP 5.x. It has a
>> proper fix."
>>
>> Tom
>
> Since there's no 5.7 release planned, you're talking about adding it in
> a 5.6.x?

Yes, maybe even 5.5?

> What's wrong with the random_compat library as a solution for
> 5.6 users?

Good question. Vexing answer. I'll try to be brief.

There are real situations that push random_compat into a corner with
only unpleasant options, namely recommending the user install the
unsavory mcrypt ext, which provides mcrypt_create_iv(), or resort to
OpenSSL's RNG, which is just scary.

There are recent discussions of this in a few places. I think you can
find them all starting here:
https://github.com/paragonie/random_compat/issues/5

So I thought another option would be to say "patch your PHP". One
possibility to do that is what I proposed above.

[I hesitate to mention it but another is to make mcrypt_create_iv()
independent of libmcrypt and present in standard builds of PHP. Maybe
the latter is better because existing scripts that test
function_exists('mcrypt_create_iv') become more secure.]

Tom