On Fri, Feb 7, 2014 at 7:25 PM, Pierre Joye <[email protected]> wrote:
> hi,
>
> There are a lot of additions and discussions about entropy source and
> (P)RNG lately.
>
> PHP already has an ini setting to define a strong entropy source for
> the session module, which defaults to urandom or arandom.
>
> I would like to create two settings to unify the entropy source
> across php functions. That includes mcrypt, new password APIs,
> session, LCG, etc.
>
> Something along this line:
>
> random.entropy_strong_source (/dev/(u|a)random etc.)
> random.entropy_crypto_source (/dev/random etc.)
>
> I am not willing to propose new RNG functions or extensions for 5.6 as
> we have way too little time to actually discuss its design and APIs.
> However having these settings unified and documented would be a good
> step forward already.
>
Here's a wild idea; assuming for a second that rand() is actually fed by
a proper entropy source, are there BC implications if we did that? :)

Alternatively, we would be looking at dedicated random_ functions that
provide a similar functionality and end up with an API such as:

int random_integer($min, $max)
string random_string($length, $crypto_safe)
etc...
>
> Thoughts?
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://www.libgd.org
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Tjerk
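
As an added illustration, not part of the original thread and not PHP's own code: a userland sketch of how an integer API like the `random_integer($min, $max)` floated above could draw from a configurable entropy source without modulo bias. The names `entropy_bytes` and `example_random_integer` and the default source path are assumptions, and the type declarations need PHP 7 or later.

```php
<?php
// Added example; function names and the default source path are assumptions.

// Read exactly $length bytes from the entropy device, failing loudly on error.
function entropy_bytes(int $length, string $source = '/dev/urandom'): string
{
    $fh = @fopen($source, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open entropy source $source");
    }
    stream_set_read_buffer($fh, 0); // do not pull more entropy than requested
    $buf = '';
    while (strlen($buf) < $length) {
        $chunk = fread($fh, $length - strlen($buf));
        if ($chunk === false || $chunk === '') {
            fclose($fh);
            throw new RuntimeException("short read from $source");
        }
        $buf .= $chunk;
    }
    fclose($fh);
    return $buf;
}

// Uniform integer in [$min, $max] using mask-and-reject instead of "% range",
// so every value in the range is equally likely.
function example_random_integer(int $min, int $max, string $source = '/dev/urandom'): int
{
    $range = $max - $min;               // becomes a float if the span overflows
    if ($min > $max || !is_int($range)) {
        throw new InvalidArgumentException('invalid or too wide range');
    }
    if ($range === 0) {
        return $min;
    }
    $bits = 0;
    for ($r = $range; $r > 0; $r >>= 1) {
        $bits++;                        // bits needed to represent $range
    }
    $mask = ($bits >= PHP_INT_SIZE * 8 - 1) ? PHP_INT_MAX : (1 << $bits) - 1;
    do {
        $value = 0;
        foreach (str_split(entropy_bytes(intdiv($bits + 7, 8), $source)) as $byte) {
            $value = ($value << 8) | ord($byte);
        }
        $value &= $mask;                // keep only the needed low bits
    } while ($value > $range);          // reject out-of-range draws, retry
    return $min + $value;
}

echo example_random_integer(1, 6), PHP_EOL; // one die roll
```

Each draw is rejected with probability below one half, so the loop terminates quickly; a failure to open or read the source raises an exception rather than falling back to a weaker generator.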