Re: unify entropy source for all php related functions

From: Date: Fri, 07 Feb 2014 12:23:48 +0000
Subject: Re: unify entropy source for all php related functions
References: 1 2  Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message 
On Fri, Feb 7, 2014 at 1:13 PM, Nikita Popov <[email protected]> wrote:

> I'm not sure I understand this proposal and/or its purpose. Different
> applications have different requirements on the strength of the random
> number generator. As such this is something that needs to be specified on
> every use, rather than a (global) ini setting.

Not for this exact feature.

Example:
session uses an entropy source, u or a random by default or a user
defined source
mcrypt uses them as well, depending on the argument
The new password API tries to open /dev/urandom (and only!) and fall
back to rand(), which is quite bad.

Basically, they all have the same need for this exact feature.

What I propose is to add two settings because there is two needs right
now (and for quite some time actually):

- strong
   good enough for password generation and the likes

- crypto safe
   key generations and other cryptography related operations (usually
blocking op too btw)


> If your proposal is to have different different "categories" of randomness
> (the names indicate "strong" and "crypto"), then I see little point in
> having inis for this, rather than letting PHP choose an appropriate source
> (from that category) that is available on the system. Also, if you want to
> introduce such categories, you should also clarify how they will be used
> with the individual functions. Does that mean mcrypt_create_iv will have
> additional MCRYPT_STRONG and MCRYPT_CRYPTO options that will then use the
> source specified by the respective inis? Will the same also be added to
> openssl_pseudo_random_bytes as a (third) parameter?


No, they know which to use. And they already do it internally, hard
coded. The only problem is that they all do their little receipts and
there is no way to actually tell them to use a specific source for a
specific need.


> I feel like these ini settings make things only more confusing. I'd much
> more appreciate the introduction of a function for generating random bytes
> in the standard library, that supersedes the individual extension functions.

It makes things more clear, as you will then know exactly which source
is used for what. It is impossible now and you cannot change or
configure them. Making impossible or harder than it should to anyone
to setup a custom entropy source (for shared hosting or apps needing
more entropy data).

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org

Thread (32 messages)

« previous php.internals (#72382) next »