Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94241
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 3555 invoked from network); 24 Jun 2016 01:36:01 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 Jun 2016 01:36:01 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.46 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.218.46 mail-oi0-f46.google.com  
Received: from [209.85.218.46] ([209.85.218.46:33593] helo=mail-oi0-f46.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 2D/04-08667-08E8C675 for <internals@lists.php.net>; Thu, 23 Jun 2016 21:36:00 -0400
Received: by mail-oi0-f46.google.com with SMTP id u201so96340804oie.0
        for <internals@lists.php.net>; Thu, 23 Jun 2016 18:36:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=Ue48cTt5kJnHUISmsAvFjJlKJ7CWgryxWxgXnmXA4NU=;
        b=KUgQbXV5yilZ+msyfpE3c+B3u9NeLmCdxI7YKq1BQrucnCTh8XcQr66ZbK+jczclYP
         NGHhGmSTFFoeDx7ROgP5CLGSFDWGwLs11R9tElA5mgAhiC1SpHh5WjaUK6C5lFAIMxzU
         ThIM+DaJWNX0cydIDV94wYTbCI5UB3Nq6l/wyiM2xKnZARwT2bdzKklXyDDekXxU0vVN
         q8dlXUx50yMyr7xAymhs3KsQ5DbLv98Dl/HZ96awFbDUUp6ZyTf4xw7B+j7mcxyeQQ4E
         ymwAVfzxjHy4dpolerHHYUrh+OZMCELlb5CWH8yd+YduXSIst27QL5p8U38oO4A8g7PX
         Dfrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=Ue48cTt5kJnHUISmsAvFjJlKJ7CWgryxWxgXnmXA4NU=;
        b=Nz9n0qvcKexDfzYjgrBUolxZalRGEpLXiqVQK+quvrVdD8gSxcI0jKYZtixyIyMiZN
         0G8qgl8eo1kWMxyD3WVqNJfU98d/bFLCujnNnXI9OoSC7cNji3Jf/7ldb7WAM38NoQiv
         3qDpnRu+44aFkJL6Ug5spE4ZRY1DKKMv0TMxKe/C7ZRFMfGzaBPddizARVl9O6Ygonxy
         DXYnjQTTcF9evUsC63G61xcUwoMJPvKK4J2H7jmDYsoiZ8AbKWhuTnVpmlGOmJAC5bZa
         OG3x1CZj1nZROIHM/N6udDVQ9udfIeYPLohoPZEObqxMYpmon0u25T4lKEuV4JnqWSPA
         o6Rg==
X-Gm-Message-State: ALyK8tKYQQkGRaiYj8hP3WC7FFFRAkD9X811RAsulaZbjl16rB6E9Rt5nQwLEWnWrzvIc6VlcmhtAj5GRWrXbA==
X-Received: by 10.202.52.196 with SMTP id b187mr1011617oia.113.1466732157504;
 Thu, 23 Jun 2016 18:35:57 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.108.197 with HTTP; Thu, 23 Jun 2016 18:35:56 -0700 (PDT)
In-Reply-To: <0e4655b3-d0cb-f1cc-6e39-c336ed51e2de@gmail.com>
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com> <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be> <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8b48f847-bbba-03f8-4b2e-9cd0841b484e@gmail.com> <65ea0142-c2d6-f4ed-e98e-b7c7fbc51c58@fleshgrinder.com>
 <CAF+90c9N3Mk99OOhLi_NgM6GKYhh0a5gXk2nH1fmnyqz=f0Zbw@mail.gmail.com>
 <D3915644.6FA67%fsb@thefsb.org> <CAF+90c9sONJVu6BFafM8h9DKOK6eaj+xsk_Jt3kd-DTVBVn6Fg@mail.gmail.com>
 <a8471ece-05e2-ec5b-c3b2-2484b6da4675@gmail.com> <0e4655b3-d0cb-f1cc-6e39-c336ed51e2de@gmail.com>
Date: Fri, 24 Jun 2016 08:35:56 +0700
Message-ID: <CAEZPtU5pmAoRJ15f=WE6+rDbEimhSVo3Ln3Vk27huWRLb_N00g@mail.gmail.com>
To: Stanislav Malyshev <smalyshev@gmail.com>
Cc: Rowan Collins <rowan.collins@gmail.com>, PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: pierre.php@gmail.com (Pierre Joye)

hi,

On Thu, Jun 23, 2016 at 11:56 PM, Stanislav Malyshev
<smalyshev@gmail.com> wrote:
> Hi!
>
>> I would prefer something like random_fast_int() == mt_rand() == rand(),
>> with clear documentation on when to use random_fast_int() instead of
>> random_int(), and a note on the others that "since 7.2, mt_rand() is an
>> alias for random_fast_int()" etc. (Not wedded to the name
>> random_fast_int, we can bikeshed that later.)
>
> That sounds to me like a good way to proceed too. I don't think it's a
> big deal it mt_rand won't be using specific MT algorithm anymore, I see
> very small number of places where it would matter.
>
> One thing to consider is that there might be test scenarios, sequences,
> etc. that depend on specific seed and will be broken by changing the
> implementation (tests relying on specific rand are not the very best
> idea, but they do happen), but I think this kind of thing may be
> acceptable for a major version. Would like to hear thoughts on this though.

fast_int or fast whatever looks bad to me. But we know that.

Also, about mt_rand, it costs nothing to have a compat mode for the
cases where the current (standard or not is not relevant)
implementation is being relied on.

More generally about the random APIs, there are many good non crypto
safe RNGs, and there will be more. Each of them have their own use
cases. I do not think that arbitrary choose, change, actualized them,
in major versions or not, is a good thing.

I would rather prefer to have a more flexible API allowing to choose
one algorithm for a run. It is also good to have a default per
category (strong, weak, fast for example) so one can use the current
default for a given need.

A good API for RNG is https://bitbucket.org/haypo/hachoir/wiki/Home.
It allows flexibility while having default and the ability to choose a
specific implementation if desired. My main point is to do not
penalize valid uses because some code will never ever do the right
thing (tm). A language cannot prevent bad behaviors but do not have to
punish good cases by removing useful features for the "good of all".

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org