Newsgroups: php.internals
Date: Tue, 13 Oct 2015 10:59:25 -0400
From: ircmaxell@gmail.com (Anthony Ferrara)
To: Tom Worster
Cc: Larry Garfield, PHP Internals
Subject: Re: [PHP-DEV] Port random_bytes to PHP 5
In-Reply-To: <561D1266.60101@thefsb.org>
References: <561C7212.6080400@garfieldtech.com> <561D1266.60101@thefsb.org>

Tom,

On Tue, Oct 13, 2015 at 10:17 AM, Tom Worster wrote:
> On 10/12/15 10:53 PM, Larry Garfield wrote:
>>
>> On 10/12/2015 07:29 PM, Tom Worster wrote:
>>>
>>> Could we regard random_bytes() as a security patch rather than a new
>>> feature and therefore port it to PHP 5?
>>>
>>> Error handling would have to change but that should be feasible. Iirc,
>>> earlier commits of random_bytes() had PHP 5-like behavior on error.
>>>
>>> My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in
>>> paragonie/random_compat) if we could say to Windows users stuck with
>>> nothing else: "Upgrade to the latest point release of PHP 5.x. It has a
>>> proper fix."
>>>
>>> Tom
>>
>>
>> Since there's no 5.7 release planned, you're talking about adding it in
>> a 5.6.x?
>
>
> Yes, maybe even 5.5?
>
>
>> What's wrong with the random_compat library as a solution for
>> 5.6 users?
>
> Good question. Vexing answer. I try to be brief.
>
> There are real situations that push random_compat into a corner with only
> unpleasant options, namely recommending the user install the unsavory mcrypt
> ext, which provides mcrypt_create_iv(), or resort to OpenSSL's RNG, which is
> just scary.
>
> There are recent discussions of this in a few places, I think you can find
> them all starting here https://github.com/paragonie/random_compat/issues/5
>
> So I thought another option would be to say "patch your PHP". One
> possibility to do that is what I proposed above.
>
> [I hesitate to mention it but, another is to make mcrypt_create_iv()
> independent of libmcrypt and present in standard builds of PHP. Maybe the
> latter is better because existing scripts that test
> function_exists('mcrypt_create_iv') become more secure.]
>

Overall, I don't think this should be ported back to 5.x

First off, it's pretty late in both 5.5 and 5.6 lifetimes (5.6 is already up to .14). Introducing a feature this late would basically make it useless to the vast majority of users of those versions (since many don't upgrade, or use distro-pinned versions). I don't like it, but that's the truth.

random_compat serves this need quite nicely, but as always there are non-trivial tradeoffs at play.

As far as making mcrypt_create_iv more standard, why? That's what random_bytes() was meant to do (and does). Just encourage people to move forward with it and upgrade to 7...

Anthony