Hi,
I added the new RFC https://wiki.php.net/rfc/csrandombytes which is in its
first draft.
I attempted to be fair with respect to the discussion that has already
taken place here.
How does this get listed on the https://wiki.php.net/rfc page?
Tom
I added it there under the In Draft category, if you have a better name or
short description, just tell me, and I will update it there.
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
I have also set up a github repo with 4 files in it. It is a first hack of
a function that does part of what I described in the RFC. It's based on
the interface of openssl_random_pseudo_bytes() and the guts of
mcrypt_create_iv(). It is provisionally named cs_random_bytes().
For now it builds and works at least this much:
$ sapi/cli/php -r 'echo bin2hex(cs_random_bytes(8)) . PHP_EOL;'
4cd0965922470560
The hard work will be implementing the $is_strong_result flag in a
platform independent way. You need to read the status of the entropy pool.
The current code does that for Linux (maybe?). On FreeBSD you use
sysctl(3) to read kern.random.sys.seeded. On OS X you ask securityd.
Windows is actually easier.
And what about other OSs? What is PHP normally tested on and would that be
a suitable guide for cs_random_bytes()?
In any case, I am no C programmer. I'm just a web dev. I don't even know
how to ask if sysctl(3) is present.
Tom
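
[Added example, not part of the thread and not code from Tom's repository or the RFC.] A sketch of the entropy-pool check the message above describes, selecting the platform at compile time. The names entropy_pool_seeded() and cs_random_bytes_demo() are hypothetical; the Linux branch assumes glibc 2.25 or later for getrandom(), and the FreeBSD branch reads the kern.random.sys.seeded sysctl named in the message.

```c
#include <errno.h>
#include <stdio.h>
#if defined(__linux__)
#include <sys/random.h>            /* getrandom(), GRND_NONBLOCK */
#elif defined(__FreeBSD__)
#include <sys/types.h>
#include <sys/sysctl.h>            /* sysctlbyname() */
#endif

/* Hypothetical helper: 1 = pool seeded, 0 = not yet seeded, -1 = cannot tell. */
int entropy_pool_seeded(void)
{
#if defined(__linux__)
    unsigned char probe;
    /* With GRND_NONBLOCK, getrandom() fails with EAGAIN instead of
     * blocking while the kernel pool is still uninitialised. */
    if (getrandom(&probe, sizeof probe, GRND_NONBLOCK) == (ssize_t)sizeof probe)
        return 1;
    return errno == EAGAIN ? 0 : -1;
#elif defined(__FreeBSD__)
    int seeded = 0;
    size_t len = sizeof seeded;
    /* Sysctl name taken from the message above. */
    if (sysctlbyname("kern.random.sys.seeded", &seeded, &len, NULL, 0) != 0)
        return -1;
    return seeded ? 1 : 0;
#else
    return -1;                     /* no check implemented: never claim "strong" */
#endif
}

/* Hypothetical stand-in for cs_random_bytes(): returns 0 on success and
 * sets *is_strong only when the pool is known to be seeded. */
int cs_random_bytes_demo(unsigned char *buf, size_t len, int *is_strong)
{
    int seeded = entropy_pool_seeded();   /* check before reading */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    setvbuf(f, NULL, _IONBF, 0);          /* keep no spare random bytes in stdio */
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    if (got != len) return -1;
    if (is_strong != NULL) *is_strong = (seeded == 1);
    return 0;
}

int main(void)
{
    unsigned char b[8]; int strong = 0;
    if (cs_random_bytes_demo(b, sizeof b, &strong) != 0) return 1;
    for (size_t i = 0; i < sizeof b; i++) printf("%02x", b[i]);
    printf(" is_strong=%d\n", strong);
    return 0;
}
```

An "unknown" result is reported as not strong, so a platform without a check never claims more than it can verify.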