Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:97906 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 76230 invoked from network); 21 Jan 2017 02:13:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 Jan 2017 02:13:22 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:49886] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7C/3B-00729-1C3C2885 for ; Fri, 20 Jan 2017 21:13:22 -0500 Received: (qmail 40831 invoked by uid 89); 21 Jan 2017 02:13:18 -0000 Received: from unknown (HELO mail-wm0-f49.google.com) (yohgaki@ohgaki.net@74.125.82.49) by 0 with ESMTPA; 21 Jan 2017 02:13:18 -0000 Received: by mail-wm0-f49.google.com with SMTP id c206so71021231wme.0 for ; Fri, 20 Jan 2017 18:13:17 -0800 (PST) X-Gm-Message-State: AIkVDXLz+uFouN4rmIYajWJjld6PcBDkP6ZnGmCw2/bfApoANmwge0sMt7Wy58g2+QrBo73KbGkV9E1rFqdijA== X-Received: by 10.28.13.131 with SMTP id 125mr5325855wmn.122.1484964791567; Fri, 20 Jan 2017 18:13:11 -0800 (PST) MIME-Version: 1.0 Received: by 10.195.12.8 with HTTP; Fri, 20 Jan 2017 18:12:30 -0800 (PST) In-Reply-To: References: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi> <142a3537a99809cf23d78e0eaadc3aef@gmail.com> <7a359bb08b0ad8b046534c15492cec91@gmail.com> <8cfe7a3ea5a05fc3e5347e9af848ada0@gmail.com> Date: Sat, 21 Jan 2017 11:12:30 +0900 X-Gmail-Original-Message-ID: Message-ID: To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= Cc: Leigh , Nikita Popov , "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a113eb392e7d0d60546914e9c Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a113eb392e7d0d60546914e9c Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Lauri and Leigh, On Thu, Jan 19, 2017 at 10:37 PM, Lauri Kentt=C3=A4 wrote: > On 2017-01-19 13:46, Yasuo Ohgaki wrote: > >> However, PHP as a whole cannot work reliable way w/o CSPRNG and >> today's >> standard requires working CSPRNG, doesn't it? >> > > No. > > Why do you think that PHP can't work without CSPRNG? > > PHP is a general-purpose programming language. It can be used in a closed > environment, even on machines without any network. CSPRNG is not required > and should not be required. When things failed, program should fail properly. There are number of examples that failed to make thing secure enough. e.g. SSL On Thu, Jan 19, 2017 at 11:14 PM, Leigh wrote: > > Everyone who cares about stability. > > I agree, if you want to introduce breaking changes, this needs to go to > RFC. > > Therefore the simplest option seems to be DON'T introduce breaking > changes. Wouldn't you agree? The nature of MT rand is non CSPRNG, so I don't mind to much about the fallback. I'm just uncomfortable with not following the "When things failed, program should fail properly" principle. Not following this principle caused unexpected results in many softwares. This specific case does not matter much, though. Anyway, unusable CSPRNG is very unlikely to happen. I may just use UNEXPECTED macro for the if branch. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a113eb392e7d0d60546914e9c--