Newsgroups: php.internals
Date: Wed, 05 Oct 2016 08:25:48 +0000
From: leight@gmail.com (Leigh)
To: Yasuo Ohgaki, internals@lists.php.net
Subject: Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

The list was missed off of Yasuo's replies to me, replying including the list

On Wed, 5 Oct 2016 at 01:07 Yasuo Ohgaki wrote:

> Hi Leigh,
>
> On Tue, Oct 4, 2016 at 7:06 PM, Leigh wrote:
> > Since we want to preserve BC
> >
> > entropy = random_int(0, 99999999);
> > uniqid = strpprintf(0, "%s%08x%05x.%08d", prefix, sec, usec, entropy);
>
> Current entropy is _double_ from php_combined_lcg() and has 10 chars length,
> has [0-9].[0-9]{8} format.
>
> "F"->"d" does not work. It should be something like
>
> entropy = (double) random_int(0, 9999999999);
>

No it shouldn't. Don't do this. It is an unnecessary conversion. The fact the lcg returns a double is irrelevant. What is relevant is the 8 digits in order to maintain BC. The 8 digits you receive from random_int will still be higher quality than the 10 you get from the lcg rounded to 8 places.

> uniqid = strpprintf(0, "%s%08x%05x.%08F", prefix, sec, usec, entropy/100000000);
>

On Wed, 5 Oct 2016 at 01:16 Yasuo Ohgaki wrote:

> On Wed, Oct 5, 2016 at 9:06 AM, Yasuo Ohgaki wrote:
> > Current entropy is _double_ from php_combined_lcg() and has 10 chars length,
> > has [0-9].[0-9]{8} format.
> >
> > "F"->"d" does not work. It should be something like
> >
> > entropy = (double) random_int(0, 9999999999);
> > uniqid = strpprintf(0, "%s%08x%05x.%08F", prefix, sec, usec, entropy/100000000);
>
> Forgot to mention, this code leaks more information about PRNG state
> than my patch because php_random_int() copies random binary data into
> long. It's still part of it and exposure of random data shouldn't
> matter, so this is a minor issue.
>

I think there is a misunderstanding here. You're using the CSPRNG which is designed such that the _entire_ output can be made public without you being able to predict the next result. That is the definition of a CSPRNG. Also remember this is "output" not "state".

While researching how to implement these CSPRNG functions, I spoke with real security experts on the subject; they all said the same thing: Use the system CSPRNG, and yes, it is fine to expose the output directly.

Also if you really are worried (which you shouldn't be), requesting 8 digits from random_int will effectively discard 5 or 37 bits of output depending on whether you're on a 32 or 64 bit platform. You cannot know the value of sequential outputs.

> I'll update gist.
> Any more comments?
>
> Regards,
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net
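
The integer variant discussed in this message, as an added C sketch that is not code from the thread or from php-src: 8 decimal digits drawn uniformly from the system CSPRNG and appended in the `%s%08x%05x.%08d` layout. Assumptions: `/dev/urandom` is the CSPRNG, `snprintf` and rejection sampling stand in for `strpprintf` and `random_int()`, and the helper names `csprng_u32`, `entropy8` and `uniqid_more_entropy` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Read one 32-bit word from the OS CSPRNG (assumed: /dev/urandom). */
static int csprng_u32(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1 ? 0 : -1;
}

/* Uniform value in [0, 99999999]. 10^8 < 2^27, so about 27 of the 32 bits
 * read reach the result; words >= limit are redrawn to avoid modulo bias. */
static int entropy8(uint32_t *out)
{
    const uint32_t range = 100000000u;
    const uint32_t limit = UINT32_MAX - (UINT32_MAX % range); /* 4200000000 */
    uint32_t r;
    do {
        if (csprng_u32(&r) != 0)
            return -1; /* fail closed: never fall back to a weak source */
    } while (r >= limit);
    *out = r % range;
    return 0;
}

/* "<prefix><sec: 8 hex><usec: 5 hex>.<8 decimal digits>", the format string
 * from the thread. Returns the length written, or -1 on error/truncation. */
static int uniqid_more_entropy(char *buf, size_t len, const char *prefix)
{
    struct timeval tv;
    uint32_t e;
    if (gettimeofday(&tv, NULL) != 0 || entropy8(&e) != 0)
        return -1;
    int n = snprintf(buf, len, "%s%08x%05x.%08d", prefix,
                     (unsigned)tv.tv_sec, (unsigned)tv.tv_usec, (int)e);
    return (n < 0 || (size_t)n >= len) ? -1 : n;
}

int main(void)
{
    char id[64];
    if (uniqid_more_entropy(id, sizeof id, "") < 0)
        return 1;
    return puts(id) < 0;
}
```

The suffix keeps a fixed width of eight digits after the dot, so the string length stays at the prefix length plus 22 characters.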