Newsgroups: php.internals
From: come@opensides.be (Côme Chilliet)
To: internals@lists.php.net
Subject: Re: [PHP-DEV] [RFC] RNG fixes
Date: Wed, 22 Jun 2016 06:23:08 +0200
Message-ID: <2768539.NNQIxNLb7u@mcmic-probook>
In-Reply-To: <55ceae84-5e24-96b4-bb0f-bd8c71c057ef@fleshgrinder.com>
References: <55ceae84-5e24-96b4-bb0f-bd8c71c057ef@fleshgrinder.com>
Organization: OpenSides

On Wednesday, 15 June 2016, 21:43:05, Fleshgrinder wrote:
> But let us stop that now. I already wrote that someone should come up
> with use cases for predictable random numbers other than creating
> insecure secrets. This is the main problem that needs solving, people
> using this stuff without knowing what they do.
>
> Keep in mind that anyone or anything (company) that requires predictable
> random numbers for their software (e.g. game) wants to have more control
> over distribution and ways to tweak it. Hence, they will directly
> implement it straight on their own anyways. Business rules are more
> important in such domains than readily available built-in stuff.
> Otherwise many people would not have jobs. :P
>
> If they really don't want to they can still fall back to PECL. I really
> do not see the shared hosting as a big argument here because shared
> hosting directly falls back to web application and -- as I said before
> -- in this context the requirement for predictable random numbers is
> pretty much nil.
>
> Just prove me wrong and show me where it is needed.
>
> Drupal? Symfony? Zend? Wordpress? PhpBB? ...?

Hello,

An example I can think of where reproducible RNG could be needed (outside of the obvious case of games, and I’m not sure why it’s not enough), is the generation of random images based on user’s information, as Gravatar is doing for instance.

So, for me PHP must have a way of providing reproducible random sequences. But that does not mean it has to be the same functions as before, I would be fine if (mt_)(s)rand are deprecated and some other method allows doing this.

But I’m a bit confused if people are arguing over keeping the rand method or over whether we need reproducible RNG at all.

Côme
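The use case raised in this message, as an added example (not code from the thread or from PHP itself): a deterministic avatar grid seeded from a hash of the user's address, with the generator reseeded afterwards because `mt_srand()` state is global, and a secret drawn from the CSPRNG for contrast. The helper names `identiconGrid()` and `renderGrid()` and the sample address are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: identiconGrid() and renderGrid() are hypothetical helpers.

/** 5x5 mirrored on/off grid that is always the same for the same address. */
function identiconGrid(string $email): array
{
    // 28-bit seed from a hash of the normalised address (fits a 32-bit int).
    $digest = hash('sha256', strtolower(trim($email)));
    $seed   = (int) hexdec(substr($digest, 0, 7));

    mt_srand($seed); // same seed, same mt_rand() sequence on a given PHP version

    $grid = [];
    for ($row = 0; $row < 5; $row++) {
        $a = mt_rand(0, 1);
        $b = mt_rand(0, 1);
        $c = mt_rand(0, 1);
        $grid[] = [$a, $b, $c, $b, $a]; // mirror the left half
    }

    // The seeded state is process-global: reseed from a random source so later
    // mt_rand() callers in this request do not continue a known sequence.
    mt_srand();

    return $grid;
}

function renderGrid(array $grid): string
{
    $lines = [];
    foreach ($grid as $row) {
        $lines[] = implode('', array_map(fn (int $on): string => $on ? '##' : '  ', $row));
    }
    return implode("\n", $lines) . "\n";
}

$email = 'user@example.com'; // constructed sample input

echo renderGrid(identiconGrid($email));
// Differently cased and padded input normalises to the same seed and grid.
var_dump(identiconGrid($email) === identiconGrid(' User@Example.com '));

// Anything secret (tokens, passwords, keys) comes from the CSPRNG instead.
$token = bin2hex(random_bytes(16));
echo strlen($token), " hex chars of unpredictable token\n";
```

The `mt_rand()` output for a given seed changed in PHP 7.1, so a stored avatar should not depend on being regenerated identically across PHP versions.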