Just noticed a commit from Pierre last week http://svn.php.net/viewvc?view=revision&revision=313112 which changed OpenSSL to use a special Windows API call for gathering random data.
I've reverted this change so we can discuss this further.
I disagree with advertising a library function and changing it to use something else. Especially when this is around random data / encryption. The OpenSSL library has been audited externally, if there is a better alternative then this patch should go upstream rather than being hacked into PHP.
If we want to offer this as win32_random_data() then I'm also fine with that.
- Scott
Scott,
Just noticed a commit from Pierre last week http://svn.php.net/viewvc?view=revision&revision=313112 which changed OpenSSL to use a special Windows API call for gathering random data.
I've reverted this change so we can discuss this further.
There is nothing to discuss. The Windows implementation is just as
safe and is much faster than the OpenSsl API.
I disagree with advertising a library function and changing it to use something else. Especially when this is around random data / encryption. The OpenSSL library has been audited externally, if there is a better alternative then this patch should go upstream rather than being hacked into PHP.
I disagreed with the initial implementation of this function in the
1st place, for many reasons that we discussed back then. But you still
applied it. Now I don't want to have windows applications behind yet
again slower because of that and this change greatly improve this
function. So we keep it.
Cheers,
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
and I will restore it myself right now, to be sure that it will be in
the next releases.
Scott,
Just noticed a commit from Pierre last week http://svn.php.net/viewvc?view=revision&revision=313112 which changed OpenSSL to use a special Windows API call for gathering random data.
I've reverted this change so we can discuss this further.
There is nothing to discuss. The Windows implementation is just as
safe and is much faster than the OpenSsl API.I disagree with advertising a library function and changing it to use something else. Especially when this is around random data / encryption. The OpenSSL library has been audited externally, if there is a better alternative then this patch should go upstream rather than being hacked into PHP.
I disagreed with the initial implementation of this function in the
1st place, for many reasons that we discussed back then. But you still
applied it. Now I don't want to have windows applications behind yet
again slower because of that and this change greatly improve this
function. So we keep it.Cheers,
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org