Newsgroups: php.internals
Date: Sun, 01 Nov 2015 15:02:47 -0500
To: Leigh
Subject: Re: Make sessions use php_random_bytes in 7.1
From: fsb@thefsb.org (Tom Worster)

On 11/1/15, 12:40 PM, "Leigh" wrote:

>On 1 November 2015 at 16:07, Tom Worster wrote:
>
>
>I don't have one.
>
>But if I may ask, I'm curious, as always: What happens in the case that
>php_random_bytes() fails?
>
>Tom
>
>
>That's a good point.
>
>session_start() would throw the exception generated by php_random_bytes()
>letting you know your system is incapable of generating high quality
>random numbers.

I think that's entirely satisfactory.

>However this is a serious issue in its own right, the APIs used (and the
>way they are used) really only fail if the underlying environment is
>fubar.

Agreed.

Tom