Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94332 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 53799 invoked from network); 30 Jun 2016 10:43:23 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 30 Jun 2016 10:43:23 -0000 Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.49 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.215.49 mail-lf0-f49.google.com Received: from [209.85.215.49] ([209.85.215.49:33347] helo=mail-lf0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FD/B1-14264-AC7F4775 for ; Thu, 30 Jun 2016 06:43:23 -0400 Received: by mail-lf0-f49.google.com with SMTP id f6so52452828lfg.0 for ; Thu, 30 Jun 2016 03:43:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Koyz8rpnHHvjWZBzTV1aA2jAI1qY8ezKN9FgNW4tXWU=; b=MA8He1gpE7ZJ8TLk9wLERnKj9q2hcjqCj2TuH7OvlUY5MZjHi1VMMKQSEs0vhRm2jo VLeVIpA6bHFSEFCQ1Paxw4QW7lxiQ+NdW64FqqrPoGTGo/a8YaOuDIxjh3OQ1WfwU5aZ 8C8gFuWubh6kbwL/rnf4758OvGNfMY0gcvhCzIixQbn0SqKa6eEDN/NSxcg9ujYhO7Qp mTiw3P2Iu/eOnn1fdKkiOUaEDEYsAwYB2wVWViQQsrbL5ZYZnJWe6zax205ronf3CfSF I+D/9QxtRSu3DyLFNPSQUi5kBUboW21GE2rzsR9KYDes2ZONMnYEGeFDdsi8JMAzLAhl zAjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Koyz8rpnHHvjWZBzTV1aA2jAI1qY8ezKN9FgNW4tXWU=; b=Xk9oRoan6J/21FWCfCz7fKBw1PMST7ceHf0zsdc/78OYHrRLGe6g1T4V7GRf8T4z/3 aMAcfsuE2YoPK2N3H3I6Cd7UMPcoJvYfNrE7fDM4B5wKg4Q6quOK/5sm/NXH0KVF9xfK 2kY19nzXtoWE93xCKfnGf2SFV1ntELSRDjU1yke6MMI+e9qJWu56oS5jm7MroSY/iUnl lrxGkMFr9M091sbWLLSlABkqx+HBDIuWb/DamvlFgVTm23IBf/DErUlUozHyrV3vTLs0 cVRg83CX49NTaCYg17YVESslMZl/egfHKQp0bEJfvPNeu8cR1CBqEdrcns4KNHngbb1X uDzA== X-Gm-Message-State: ALyK8tLGPmheQPSigAo4t7HZc6y7yc6UPDaXwmHGd/tg9A+TYCc7iFEdDpTBkQ37UpBo/rOYCztSDgTY8Oewsw== X-Received: by 10.25.77.13 with SMTP id a13mr4202304lfb.190.1467283399502; Thu, 30 Jun 2016 03:43:19 -0700 (PDT) MIME-Version: 1.0 Received: by 10.25.27.77 with HTTP; Thu, 30 Jun 2016 03:43:17 -0700 (PDT) In-Reply-To: References: Date: Thu, 30 Jun 2016 11:43:17 +0100 Message-ID: To: internals@lists.php.net Content-Type: text/plain; charset=UTF-8 Subject: Re: [RFC] RNG fixes From: leight@gmail.com (Leigh) Updated RFC * Removed proposal to replace (mt_)rand with an alternative algorithm as many have expressed concerns with this. * Clarified that the output of mt_rand _appears_ to be high quality as-is * Added that the old mt_rand functionality will be available at runtime via `mt_rand_mode()` I'll have an implementation ready for review by the end of the week. On 16 June 2016 at 19:54, Leigh wrote: > RFC updated to include: > * A note about mt_rand()s poor performance > * Separate votes for proposals so we can at least get the security fixes > through > * Updated vote from 50% to 2/3 as it does cause a BC issue. > > I should also state that mt_rand is easily implementable in userland, so the > correct/legacy algorithm can be provided that way if changing it in core > does not pass (I have a library providing this) > > So there have been a couple of suggestions of providing legacy functionality > via a PECL extension. If we were to make rand/mt_rand use function pointers > to their implementation it would be very easy for an extension to override > their behaviour. If people like this idea I'm more than happy to provide > this ext as part of the RFC.