Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94056
Return-Path: <leight@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 77946 invoked from network); 16 Jun 2016 18:55:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Jun 2016 18:55:03 -0000
Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.42 as permitted sender)
X-PHP-List-Original-Sender: leight@gmail.com
X-Host-Fingerprint: 209.85.215.42 mail-lf0-f42.google.com  
Received: from [209.85.215.42] ([209.85.215.42:36359] helo=mail-lf0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 2D/A7-25388-706F2675 for <internals@lists.php.net>; Thu, 16 Jun 2016 14:55:03 -0400
Received: by mail-lf0-f42.google.com with SMTP id q132so46393186lfe.3
        for <internals@lists.php.net>; Thu, 16 Jun 2016 11:55:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
        bh=uR0vAL5+NbeKP1US5CI/O7F4vOL0NC6MEjCyH8irkk8=;
        b=PzkTnd47ZuD5hB7QCPmg0cSXCxrYNJNDzQYbZ8br8aEN9ydZMonys3s6gc4BmaOFYP
         K1jT4KimntYWTgSvi71xCsPrW/HKutXO3Jk+50tDceJW/1DoViPVyW6Fy5KHF2QReBKl
         6sDxrIDDdrQR804dMVOOGGeqg5pLxjvTaeV0douFgviN3XM2Z++sIH3+TXaxkyi58duV
         X6lEiLRRP7FYY4Om4N7gPvaLD9vX0lxRXArar3jDEygmahfwXFdTWzMWOQ89KlCwxrQO
         nI8mqtzhgNgcV8mkq/z3EaGHQ0OiBUfq73MjTC+PDAQcFbCmb4SB+am4hkTzj0V3H9cy
         IyBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to;
        bh=uR0vAL5+NbeKP1US5CI/O7F4vOL0NC6MEjCyH8irkk8=;
        b=EwlrYcG3u03RXQg5O/P9WoW1haSIdcDqfPW7yvqS0GlHn20v9+/DFxd7+ZVcv+ljEu
         35gpRYna3PU4xBHaw10MTio2UlfzP3zkQ1C4f2gw+QvIce5rPRGoZkM1QZnwiDa1vaBa
         ED8xp9IZ4P8ra1Ma8fK8VScPdEScKn1mPSdVleepPLk9xBVM3bBTCsU4qdfnJ2LNmdvd
         B8ru+DXY9shQiU9Q+FUiv6bITeNGNT3utthzV/Ku0H5smn/fv1RoTXN2yO1bSunaON8i
         rMhW6F6+Brdfg7SJvGzCpdc+t1agCWyi7PzmljC9HIjQ1GWPN9znSZPbXtA/vr1RmL3x
         xDfQ==
X-Gm-Message-State: ALyK8tIrPqlC3rDjTH8k8esZCedk/QPw6IptfMUgICgZmU7NnpwB8k6ehZBiUMXh1zd44rD9fL/zSzk3dLVTjg==
X-Received: by 10.25.17.210 with SMTP id 79mr1448526lfr.113.1466103300242;
 Thu, 16 Jun 2016 11:55:00 -0700 (PDT)
MIME-Version: 1.0
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
In-Reply-To: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
Date: Thu, 16 Jun 2016 18:54:50 +0000
Message-ID: <CAPwsocGFEZwO6iLVn67YHDx3earyBPEOO8bLX4EgzhDTCPU4zw@mail.gmail.com>
To: internals@lists.php.net
Content-Type: multipart/alternative; boundary=001a113fbc9c6a43c6053569c6fd
Subject: Re: [RFC] RNG fixes
From: leight@gmail.com (Leigh)

--001a113fbc9c6a43c6053569c6fd
Content-Type: text/plain; charset=UTF-8

RFC updated to include:
* A note about mt_rand()s poor performance
* Separate votes for proposals so we can at least get the security fixes
through
* Updated vote from 50% to 2/3 as it does cause a BC issue.

I should also state that mt_rand is easily implementable in userland, so
the correct/legacy algorithm can be provided that way if changing it in
core does not pass (I have a library providing this)

So there have been a couple of suggestions of providing legacy
functionality via a PECL extension. If we were to make rand/mt_rand use
function pointers to their implementation it would be very easy for an
extension to override their behaviour. If people like this idea I'm more
than happy to provide this ext as part of the RFC.

--001a113fbc9c6a43c6053569c6fd--