Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:93996
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9845 invoked from network); 15 Jun 2016 10:33:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Jun 2016 10:33:40 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.42 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.218.42 mail-oi0-f42.google.com  
Received: from [209.85.218.42] ([209.85.218.42:34190] helo=mail-oi0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 73/4C-27860-30F21675 for <internals@lists.php.net>; Wed, 15 Jun 2016 06:33:39 -0400
Received: by mail-oi0-f42.google.com with SMTP id d132so26935785oig.1
        for <internals@lists.php.net>; Wed, 15 Jun 2016 03:33:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=KjMo1f3RTzxEHws9beytskEeVJ98PvddowmasaEdEmI=;
        b=fP9iY9vvd0TnQjvZp/kquAPYZxKh9JbOpH3oKzpLngQfMilAnTOgAHszRPZIDnj5zd
         cpwUVnNQSgBCxgrLk2lwYP6or2yHt9xAd7sRObr9fGNznLMPUwivoaJ9ZQ7pMXuzS/hd
         v4k9qPfBDov0ipn0Y4JbqIyNq7WiSJl+VtfRGOJApfxmstqXj7jto5eQLsK0GqXl2l4e
         JMYtWzf/zM9C8Pqy9FDfLn/KNJaaENdV11+J+v3dr8wsJ706TC4RgZtfr/sTqwZPSGYF
         Qr2TvwJuumWM9pXfSGwouwuIbGKGivhIUZ2RJ1UT90PjXg4r+/EZAmRLBfxo1dUPrWho
         EKgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=KjMo1f3RTzxEHws9beytskEeVJ98PvddowmasaEdEmI=;
        b=ZhGckoWyiXZSklepzbcSVK5F2LHw/fuE6e6jG9I79M8qMc20gjHHUQvWcIgXeGyAjm
         6jCWVy3JYm2tGZG/7fCVsVzSJ3t7BROawNzA19Ji6oRzJSC32X7u9/LNuueff+dFZI+T
         d56h3rTODTcoiBejRFxwQ+tlsQkBn+yxVZubOXYW3pRdrmKs7yx8ghmd0uu2cVGsus0q
         nKPvkbE1DsgBIOLj9IWNdUgRH5IJHueIb9sYBEcod+Z6Tw6iJvDeygtaPRAK7ZFfNXIB
         e0A1kRyi4+OAB8870JtodVhkezUDwdhuKX+yz0CxLwt7Mw5Ltzx60yzHHXLNWSQQddr3
         w5qw==
X-Gm-Message-State: ALyK8tKNf8pmacdBUjtSrr6/L/6NwhzHAJeuU4uzyfQpMaFaAfhDKDfwAAcge8CmYrBtoATN2B+C53vu0uSxSg==
X-Received: by 10.157.27.156 with SMTP id z28mr8246588otd.0.1465986816624;
 Wed, 15 Jun 2016 03:33:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.108.197 with HTTP; Wed, 15 Jun 2016 03:33:35 -0700 (PDT)
In-Reply-To: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
Date: Wed, 15 Jun 2016 17:33:35 +0700
Message-ID: <CAEZPtU6B7xFoY_tSpxveUEWYF49e78sQ881GAT5WwOh_4Nd=Kg@mail.gmail.com>
To: Leigh <leight@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: pierre.php@gmail.com (Pierre Joye)

On Tue, Jun 14, 2016 at 11:46 PM, Leigh <leight@gmail.com> wrote:
> Hey Internals,
>
> I realise I'm cutting it close with this one, but I want to propose some
> changes to our standard random number generators.
>
> The downside of this proposal is that our RNGs (rand() and mt_rand()) are
> seedable and reproduce identical streams (platform dependant) for any given
> seed. However their implementations are broken or inconsistent, so we need
> to weigh up the cost of changing these sequences versus having solid
> implementations.
>
> It is my opinion that if we are going to make any changes to these
> functions, we should make all of the changes at the same time and avoid any
> future disruption to their output.
>
> The RFC contains a few proposals, some of them depend on each other while
> others are standalone. Throughout the discussion phase I hope to reduce the
> number of proposals down to a consensus we can vote on in two weeks time.
>
> I will release a patch when I have a better feeling for the direction we
> want to take.
>
> The issues I want to bring up for discussion are.
>
> * Replacing mt_rand() and rand() to a strong, modern RNG.

I do not think this is a good option, if by strong you mean another kind of RNG.

> * Alternatively, fixing the current mt_rand() implementation to make it
> standard

That sounds more reasonable. An option (please no ini as it is a
programatic flow feature, not a php configuration problem) to keep the
old behavior for BC. Having to add an option for 7.1 or 7.2+ is
reasonable enough for the cases where the current seed and predictable
sequences are desired (same data generations for example using one
seed for example).

> * Replacing insecure uses of php_rand() with php_random_bytes()
> * Making the array_rand() algorithm more efficient

Indeed

> The RFC can be found here: https://wiki.php.net/rfc/rng_fixes
>
> If anyone knows of other fixes that should be made at the same time but I
> have overlooked, please let me know so I can get them included.

Also in the replies to this thread I see the word "crypto" mixed with
mt_rand/rand. It does not make sense to me. I agree that some apps
misused these functions as crypto safe RNG, some may even work around
issues and do not want to change their code to use reliable
alternatives. However this is a documentation/education issue. There
is no need to make mt_rand/rand crypto safe but there is a use for a
reliable implemantion of mt_rand.

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org