Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94242 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4970 invoked from network); 24 Jun 2016 01:38:14 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Jun 2016 01:38:14 -0000 Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.44 as permitted sender) X-PHP-List-Original-Sender: pierre.php@gmail.com X-Host-Fingerprint: 209.85.218.44 mail-oi0-f44.google.com Received: from [209.85.218.44] ([209.85.218.44:34139] helo=mail-oi0-f44.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A2/64-08667-40F8C675 for ; Thu, 23 Jun 2016 21:38:13 -0400 Received: by mail-oi0-f44.google.com with SMTP id s66so96397961oif.1 for ; Thu, 23 Jun 2016 18:38:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=o/EnTexRmGovOBS6dBJ419ZHuVKehf2WXSsEBBRu3dQ=; b=jJ1q6sHZrAFriGfWnsb79KaKzPLJ4r4qLgBjQnQXEmTVLlzbIPs7+c2oJoECByc+0C Pg1XahBpgZkPZHXlnHHxUyBJBvS7C/Fq9wQzsL7AXtg8KylTOOb0dQLNBbAw3pGUYCkg wphbteZ3guVixfpmSCVZJHGhaSAmf79wgtMYKSSFIzfS71KHXs7yNV98GEeglO0zNLYR OX4HotD9nbpJQw6GqMniGZH0bA9nQR0tQ8xZEfxQMWphm77igN4fLaT+eHRtLV6I8qdK wezdJGAdHO0JHXfy5JxuUWpLhU3vTXOyPyZpsnTcjJfll0ofIcNHCzQEsUTQvQaMv/ZW iU6g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=o/EnTexRmGovOBS6dBJ419ZHuVKehf2WXSsEBBRu3dQ=; b=IGC5GLjwfi6LjV4zQo7coLxGMruDNuDLl96SYe/6vE3KBNLOvmz8BFAdJR5EWd74hc gsFynSr3ODbMsS+pZNQDyY29syLm+cH7rdzueJ/8D7Ej1qta2xd8EwBMsa6KxYpgk39r XDTvyIp/TGZ9VY1k8hOOf68ogIYOH2NYbMhTu6selaGqRPUGjP/5kvuCkSgoQNujDHfd VO8PHiFdmF6atNtsWL0hc/3cCqJSP+5Br6XWfnvToMMHGtjLb9w74qY1FmvRisyFOEfq jpzYKf4ZLn5VRLc4pBMKfm2JGiegQVpmKVuBMSbX0vIXYimir3Fio3BTG3gD3hcaQ2Wd /ucw== X-Gm-Message-State: ALyK8tIYlhho5M/STlfNhWN97It4ONnNDn85r5a/azJZ/MbHAdYEvmLHf3c66JrmA6WI9cZuxVasqiqnHV4eEw== X-Received: by 10.157.11.148 with SMTP id 20mr1189039oth.82.1466732289796; Thu, 23 Jun 2016 18:38:09 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.108.197 with HTTP; Thu, 23 Jun 2016 18:38:08 -0700 (PDT) In-Reply-To: References: <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com> <8b48f847-bbba-03f8-4b2e-9cd0841b484e@gmail.com> <65ea0142-c2d6-f4ed-e98e-b7c7fbc51c58@fleshgrinder.com> <0e4655b3-d0cb-f1cc-6e39-c336ed51e2de@gmail.com> Date: Fri, 24 Jun 2016 08:38:08 +0700 Message-ID: To: Stanislav Malyshev Cc: Rowan Collins , PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] [RFC] RNG fixes From: pierre.php@gmail.com (Pierre Joye) On Fri, Jun 24, 2016 at 8:35 AM, Pierre Joye wrote: > hi, > > On Thu, Jun 23, 2016 at 11:56 PM, Stanislav Malyshev > wrote: >> Hi! >> >>> I would prefer something like random_fast_int() == mt_rand() == rand(), >>> with clear documentation on when to use random_fast_int() instead of >>> random_int(), and a note on the others that "since 7.2, mt_rand() is an >>> alias for random_fast_int()" etc. (Not wedded to the name >>> random_fast_int, we can bikeshed that later.) >> >> That sounds to me like a good way to proceed too. I don't think it's a >> big deal it mt_rand won't be using specific MT algorithm anymore, I see >> very small number of places where it would matter. >> >> One thing to consider is that there might be test scenarios, sequences, >> etc. that depend on specific seed and will be broken by changing the >> implementation (tests relying on specific rand are not the very best >> idea, but they do happen), but I think this kind of thing may be >> acceptable for a major version. Would like to hear thoughts on this though. > > fast_int or fast whatever looks bad to me. But we know that. > > Also, about mt_rand, it costs nothing to have a compat mode for the > cases where the current (standard or not is not relevant) > implementation is being relied on. > > More generally about the random APIs, there are many good non crypto > safe RNGs, and there will be more. Each of them have their own use > cases. I do not think that arbitrary choose, change, actualized them, > in major versions or not, is a good thing. > > I would rather prefer to have a more flexible API allowing to choose > one algorithm for a run. It is also good to have a default per > category (strong, weak, fast for example) so one can use the current > default for a given need. > > A good API for RNG is https://bitbucket.org/haypo/hachoir/wiki/Home. > It allows flexibility while having default and the ability to choose a > specific implementation if desired. My main point is to do not > penalize valid uses because some code will never ever do the right > thing (tm). A language cannot prevent bad behaviors but do not have to > punish good cases by removing useful features for the "good of all". Last but not least, mt_rand must remain using Mersenne Twister. Options can define which implementation (at runtime, no ini please). It will be very weird that MT uses some randomly chosen implementation. New APIs can expose other "better" algorithms. Cheers, -- Pierre @pierrejoye | http://www.libgd.org