Newsgroups: php.internals
From: smalyshev@gmail.com (Stanislav Malyshev)
Date: Sat, 4 Jun 2016 15:25:07 -0700
To: internals@lists.php.net, Niklas Keller, Scott Arciszewski
Subject: Re: [PHP-DEV] [RFC] Libsodium - Discussion

Hi!

> For instance nonce arguments ...
>
> $nonce = randombytes_buf(CRYPTO_SECRETBOX_NONCEBYTES);
> crypto_secretbox(...

Speaking of which, what about just passing null there (or making it
optional), which would make the function generate a new random nonce of
suitable size? It would BTW be very annoying to watch each time to use a
nonce of the suitable size, and would produce a lot of bugs. Not to
mention having to type CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES and
distinguish it from CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES.

> randombytes_uniform() has a weird name that does not really tell what it
> does. random_int_uniform() would be better and match the existing
> random_int() function.

We don't really need the uniform part if we don't have the non-uniform
one. If the only one we get is uniform, and it's the one we actually
want, we should not spell it out in the name - we should name it
something like random_int or random_range or random_between and explain
in the docs that yes, it's the uniform one and it's the only one you get
because uniform is awesome.

> Again, I really like the goal but I don't think that the current
> proposal meets it. I also understand the desire to have it in 7.1 but it
> is the same problem as in every company: rushing is bad! Once released
> we're done. We cannot remove it anymore, we cannot change it anymore, we
> have to live with it. All because we wanted something better but too fast.

Hear, hear!

-- 
Stas Malyshev
smalyshev@gmail.com
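
An added example (not part of the original message, the RFC or ext/sodium) of the optional-nonce idea as userland wrappers: since decryption needs the same nonce, a function that generates it must hand it back, here by prepending it to the ciphertext. It assumes the `sodium_*` names of PHP's bundled sodium extension rather than the names quoted in the message; `secretbox_seal()` and `secretbox_unseal()` are hypothetical helpers.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not functions of ext/sodium.

/**
 * Encrypt with a fresh random nonce of the correct size and return
 * nonce || ciphertext, so the caller never handles a nonce constant.
 */
function secretbox_seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

/**
 * Split nonce || ciphertext, then authenticate and decrypt.
 * Throws instead of returning false so a failure cannot be ignored.
 */
function secretbox_unseal(string $sealed, string $key): string
{
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($sealed) < $minLength) {
        throw new RuntimeException('sealed message is too short');
    }
    $nonce = substr($sealed, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($sealed, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('authentication failed');
    }
    return $plaintext;
}

// Constructed sample input.
$key = sodium_crypto_secretbox_keygen();
$first = secretbox_seal('constructed sample message', $key);
$second = secretbox_seal('constructed sample message', $key);

// Same key and plaintext, but each call drew its own nonce.
var_dump($first !== $second);
var_dump(secretbox_unseal($first, $key));

// Flip one bit of the last byte: the authentication tag no longer verifies.
$tampered = $first;
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
try {
    secretbox_unseal($tampered, $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```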