Re: Make mcrypt_create_iv() an alias and move the code into /ext/standard
On Fri, Feb 7, 2014 at 6:30 PM, Yasuo Ohgaki <[email protected]> wrote:
> Hi Thomas,
>
> On Fri, Feb 7, 2014 at 4:05 PM, Thomas Hruska <[email protected]
> >wrote:
>
> > Moving the guts of this non-dependent function into the core would allow
> > mcrypt_create_iv() to just become an alias. The new userland function
> > could be located in /ext/standard/rand.c and have an uncreative name like
> > rand_bytes().
>
>
> There is new great PECL package.
> http://pecl.php.net/package/crypto
> I would like to see it as default for crypt related feature.
>
> Anyway, we need default rundom_bytes() function in ext/standard. This is
> mandatory for secure apps, but we have no default function. This should be
> resolved.
>
> Anyway, mcrypt_create_iv() is not optimum, yet. Here is possible
> improvement.
>
> https://github.com/yohgaki/php-src/compare/PHP-5.6-mcrypt_create_iv
>
> It still requires random source and it does not support windows well,
> though.
> I'm about to adding new function which solves all of them like session
> module.
>
Speaking of which, it would be nice if session id generation depended on
this shiny new API as well ... basically we solve two problems:
1. An easy way to get a bunch of random bytes
2. Centralize random number generation internally, i.e. session ids and
password salts are generated with it.
I'm not sure whether this should extend to providing an easy way to
generate crypto safe random numbers, but that would obviously be nice if
feasible.
> Regards,
>
> --
> Yasuo Ohgaki
> [email protected]
>
--
--
Tjerk
Thread (8 messages)