Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97909
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 81429 invoked from network); 21 Jan 2017 02:56:31 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jan 2017 02:56:31 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:49972] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3C/3C-00729-EDDC2885 for <internals@lists.php.net>; Fri, 20 Jan 2017 21:56:31 -0500
Received: (qmail 47557 invoked by uid 89); 21 Jan 2017 02:56:27 -0000
Received: from unknown (HELO mail-wm0-f42.google.com) (yohgaki@ohgaki.net@74.125.82.42)
  by 0 with ESMTPA; 21 Jan 2017 02:56:27 -0000
Received: by mail-wm0-f42.google.com with SMTP id d140so18457844wmd.0
        for <internals@lists.php.net>; Fri, 20 Jan 2017 18:56:26 -0800 (PST)
X-Gm-Message-State: AIkVDXJ2NmyYFgniEsuelPlVHwd5GUtTHOEtvnbQmL+cMx+OhbnHHCgkZHek3flQnGADYvVoroEUp263OfemwQ==
X-Received: by 10.223.177.18 with SMTP id l18mr14278229wra.96.1484967379921;
 Fri, 20 Jan 2017 18:56:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.195.12.8 with HTTP; Fri, 20 Jan 2017 18:55:39 -0800 (PST)
In-Reply-To: <CAGa2bXZ7sOsJWkNpSRaBD-6i4mk0d4hxEmHSknf_1CT0iZ8+3g@mail.gmail.com>
References: <CAGa2bXbFST=5DkhiJ6zJ1hJ5vZYUo7CnCDp+VXcyvSU-bWcyMg@mail.gmail.com>
 <CAGa2bXak3tZ+kC6EeiA=ZCeynGSZbO-4Hpd1v_1oZVDHpSAvsA@mail.gmail.com>
 <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi> <CAGa2bXY0djrgpbC_wNGeRyciNygS59hmuaUaZG-=vAt0dZoxxA@mail.gmail.com>
 <142a3537a99809cf23d78e0eaadc3aef@gmail.com> <7a359bb08b0ad8b046534c15492cec91@gmail.com>
 <CAGa2bXZgbsHM-PZcSUoyA8VZ22rmMmjy41tGPUszC2Acr7Zjyw@mail.gmail.com>
 <CAF+90c9jC0r22NEPbeYXMgL8F_qm0rtJ-nXTeqj_PgjhcY6RRw@mail.gmail.com>
 <CAGa2bXaSux=Pq8+9N4wT9gaqjY--N=D9WwH0560=JEUjutd5LA@mail.gmail.com>
 <8cfe7a3ea5a05fc3e5347e9af848ada0@gmail.com> <CAGa2bXZzpfEuQDEcQM=eLRit8BRieW5KY5h-H59+1-P0Ehmomw@mail.gmail.com>
 <CAPwsocFypb4m7sA0An0CmJ=izZW_07PzyFVN7bN9A+q81aTEvw@mail.gmail.com>
 <CAGa2bXbn4d7tT_NG2EHzFKvMDWAr=TCPw1L26QJv7jyKE5of+w@mail.gmail.com>
 <a4a9e600b364c9cc70a4f8fcca11cdc7@gmail.com> <CAGa2bXZ7sOsJWkNpSRaBD-6i4mk0d4hxEmHSknf_1CT0iZ8+3g@mail.gmail.com>
Date: Sat, 21 Jan 2017 11:55:39 +0900
X-Gmail-Original-Message-ID: <CAGa2bXZyD4qxRpo-pKuYnpt6A2mjedKgC9_xTvSL2Ojs8y_e6Q@mail.gmail.com>
Message-ID: <CAGa2bXZyD4qxRpo-pKuYnpt6A2mjedKgC9_xTvSL2Ojs8y_e6Q@mail.gmail.com>
To: =?UTF-8?Q?Lauri_Kentt=C3=A4?= <lauri.kentta@gmail.com>
Cc: Leigh <leight@gmail.com>, Nikita Popov <nikita.ppv@gmail.com>, 
	"internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=94eb2c1cd4b42ef2e5054691e985
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--94eb2c1cd4b42ef2e5054691e985
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi,

On Sat, Jan 21, 2017 at 11:12 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> On Thu, Jan 19, 2017 at 10:37 PM, Lauri Kentt=C3=A4 <lauri.kentta@gmail.c=
om>
> wrote:
>
>> On 2017-01-19 13:46, Yasuo Ohgaki wrote:
>>
>>> However, PHP as a whole cannot work reliable way w/o CSPRNG and
>>> today's
>>> standard requires working CSPRNG, doesn't it?
>>>
>>
>> No.
>>
>> Why do you think that PHP can't work without CSPRNG?
>>
>> PHP is a general-purpose programming language. It can be used in a close=
d
>> environment, even on machines without any network. CSPRNG is not require=
d
>> and should not be required.
>
>
> When things failed, program should fail properly.
> There are number of examples that failed to make thing secure enough. e.g=
.
> SSL
>
>
> On Thu, Jan 19, 2017 at 11:14 PM, Leigh <leight@gmail.com> wrote:
>
>>
>> Everyone who cares about stability.
>>
>> I agree, if you want to introduce breaking changes, this needs to go to
>> RFC.
>>
>> Therefore the simplest option seems to be DON'T introduce breaking
>> changes. Wouldn't you agree?
>
>
> The nature of MT rand is non CSPRNG, so I don't mind to much about the
> fallback. I'm just uncomfortable with not following the "When things
> failed, program should fail properly" principle. Not following this
> principle caused unexpected results in many softwares. This specific case
> does not matter much, though.
>
> Anyway, unusable CSPRNG is very unlikely to happen. I may just use
> UNEXPECTED macro for the if branch.
>

I changed my mind due to comment for uniqid() CSPRNG usage.

IMO, there is no benefit for CSPRNG failure fallback. We shouldn't add
fackback for every CSPRNG usage. It's just does not make sense. Are we
going to add poor fallbacks for every CSPRNG usage? I strongly against it.

CSPRNG failure is like BUS error, i.e. hardware error. CSPRNG shouldn't
fail with healthy hardware/OS. Therefore, we should not add poor fallback
code for it.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--94eb2c1cd4b42ef2e5054691e985--