From: Lauri Kenttä <lauri.kentta@gmail.com>
Date: Thu, 02 Feb 2017 11:54:31 +0200
To: Yasuo Ohgaki
Cc: Tom Worster, internals@lists.php.net, Leigh, Nikita Popov
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed
Message-ID: <1fa97f9f4d4c0866fb4b0f21fc68b068@gmail.com>
Newsgroups: php.internals (php.internals:98117)

On 2017-02-02 05:47, Yasuo Ohgaki wrote:
> Posting RFC draft before discussion
>
> https://wiki.php.net/rfc/improve_predictable_prng_random
>
> This RFC includes results of recent PRNG related discussions.
> I would like to keep it simple, but basic object feature will be
> implemented.
>
> Methods could raise exceptions for invalid operations rather than
> ignoring.
>
> Comments?
>
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net

I think this RFC is badly prepared. You're overhauling the whole mt_rand system in one go, but you're not doing it properly. There is no justification for breaking compatibility, not in 7.x and not even in 8.0 in my opinion.

There are now three completely unrelated "issues":

1) You want to improve automatic seeding and GENERATE_SEED. You could just generate a 32-bit value from php_random_bytes and silently use the current as fallback; this solution was practically accepted already. You just waste time with your arguments about CSPRNG being sooooo important: everybody has already heard you, and most people seem to disagree.

2) You want to support long seeds. However, 2^32 is a lot of random states. It's enough for almost any legitimate MT use case. As was earlier discussed, adding this support to the global mt_srand is not practical. Anyone who really needs a longer seed should most probably also use a PRNG object to avoid cases where some internal function (say, shuffle) modifies the MT state by accident.

3) You want to use long seeds by default. This would be possible, as discussed earlier, by seeding the whole MT state buffer from a CSPRNG. However, you should consider also the possible performance impact of generating 2.5 kB from CSPRNG on each request/reseed. And again, 2^32 is probably enough already.

FWIW, my Raspberry Pi kernel log has several lines about /dev/urandom not being properly seeded before the system is fully started, so using a CSPRNG is not guaranteed to work so well.

--
Lauri Kenttä
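As an added illustration of points 2 and 3 above (example code, not from this thread or from PHP's own mt_rand implementation): a reference MT19937 in C with both the classic 32-bit seeding that mt_srand(int) performs, reaching only 2^32 start states, and full-state seeding that copies all 624 words (2496 bytes, the "2.5 kB") from a buffer the caller fills from a CSPRNG such as getrandom() or /dev/urandom. The full-state path also rejects the all-zero state, which MT19937 can never leave; note that PHP's mt_rand() additionally discards the low bit of each output, which this example does not model.

```c
#include <stdint.h>
#include <string.h>

#define MT_N 624
#define MT_M 397
#define MT_STATE_BYTES (MT_N * sizeof(uint32_t))   /* 2496 bytes: the "2.5 kB" */

typedef struct { uint32_t mt[MT_N]; int idx; } mt19937_t;

/* Classic 32-bit seeding (mt_srand-style): only 2^32 distinct start states are reachable. */
void mt_seed32(mt19937_t *g, uint32_t seed) {
    g->mt[0] = seed;
    for (int i = 1; i < MT_N; i++)
        g->mt[i] = 1812433253u * (g->mt[i - 1] ^ (g->mt[i - 1] >> 30)) + (uint32_t)i;
    g->idx = MT_N;
}

/* Full-state seeding: copy all 624 words from a CSPRNG-filled buffer. Rejects a short
 * buffer and the all-zero state (MT19937 would output zeros forever). Returns 0 on success. */
int mt_seed_full(mt19937_t *g, const uint8_t *buf, size_t len) {
    if (len < MT_STATE_BYTES) return -1;
    memcpy(g->mt, buf, MT_STATE_BYTES);
    uint32_t acc = 0;
    for (int i = 0; i < MT_N; i++) acc |= g->mt[i];
    if (acc == 0) return -1;
    g->idx = MT_N;
    return 0;
}

static void mt_twist(mt19937_t *g) {   /* regenerate all 624 words in place */
    for (int i = 0; i < MT_N; i++) {
        uint32_t y = (g->mt[i] & 0x80000000u) | (g->mt[(i + 1) % MT_N] & 0x7fffffffu);
        g->mt[i] = g->mt[(i + MT_M) % MT_N] ^ (y >> 1) ^ ((y & 1u) ? 0x9908b0dfu : 0u);
    }
    g->idx = 0;
}

uint32_t mt_next(mt19937_t *g) {       /* one 32-bit output with the standard tempering */
    if (g->idx >= MT_N) mt_twist(g);
    uint32_t y = g->mt[g->idx++];
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680u;
    y ^= (y << 15) & 0xefc60000u;
    y ^= y >> 18;
    return y;
}
```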