Re: unify entropy source for all php related functions

From:	Yasuo Ohgaki	Date:	Sat, 08 Feb 2014 04:48:11 +0000
Subject:	Re: unify entropy source for all php related functions
References:	1	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi Pierre,

On Fri, Feb 7, 2014 at 8:25 PM, Pierre Joye <[email protected]> wrote:

> There are a lot of additions and discussions about entropy source and
> (P)RNG lately.
>
> PHP already has a ini setting to define a strong entropy source for
> the session module, which defaults to urandom or arandom.
>
> I would like to create two settings to unify the entropy source
> accross php functions. That includes mcrypt, new password APIs,
> session, LCG, etc.
>
> Something along this line:
>
> random.entropy_strong_source (/dev/(u|a)random etc.)
> random.entropy_crypto_source (/dev/random etc.)
>

+1 for unify.
BTW, it sound more natural if names are
random.entropy_crypto_source (/dev/(u|a)random etc.)
random.entropy_strong_source (/dev/random etc.)

I feels like 'strong' > 'crypto' with this naming.


>  I am not willing to propose new RNG functions or extensions for 5.6 as
> we have way too little time to actually discuss its design and APIs.
> However having these settings unified and documented would be a good
> step forward already.
>

Although, I really would like to have one, it's not much issue for me, but
a issue for average users ;)
This is possible implementation.

https://github.com/yohgaki/php-src/compare/PHP-5.6-rfc-random_bytes

It's not perfect yet, though.

Regards,

--
Yasuo Ohgaki
[email protected]


   

Thread (32 messages)

• Pierre JoyeFri, 07 Feb 2014 11:25:45 +0000
  • Tjerk MeestersFri, 07 Feb 2014 11:42:46 +0000
    • Pierre JoyeFri, 07 Feb 2014 11:46:15 +0000
    • Yasuo OhgakiSat, 08 Feb 2014 04:50:49 +0000
  • Pádraic BradyFri, 07 Feb 2014 11:53:00 +0000
    • Pierre JoyeFri, 07 Feb 2014 11:55:10 +0000
  • Nikita PopovFri, 07 Feb 2014 12:13:59 +0000
    • Pierre JoyeFri, 07 Feb 2014 12:23:48 +0000
      • Pierre JoyeFri, 07 Feb 2014 12:29:53 +0000
  • Nikita PopovFri, 07 Feb 2014 12:58:31 +0000
    • Pádraic BradyFri, 07 Feb 2014 15:43:20 +0000
  • Yasuo OhgakiSat, 08 Feb 2014 04:48:11 +0000
    • Pierre JoyeSat, 08 Feb 2014 07:13:35 +0000
  • Yasuo OhgakiThu, 13 Feb 2014 07:21:07 +0000
    • Pierre JoyeThu, 13 Feb 2014 07:57:39 +0000
      • Yasuo OhgakiThu, 13 Feb 2014 08:46:38 +0000
        • Yasuo OhgakiThu, 13 Feb 2014 09:11:44 +0000
          • Pierre JoyeThu, 13 Feb 2014 09:36:27 +0000
            • Yasuo OhgakiThu, 13 Feb 2014 10:42:01 +0000
• Daniel LowreyFri, 07 Feb 2014 12:31:36 +0000Re: unify entropy source for all php related functions
• Andrey AndreevFri, 14 Feb 2014 12:03:12 +0000Re: unify entropy source for all php related functions
  • Pierre JoyeFri, 14 Feb 2014 12:26:13 +0000
    • Andrey AndreevFri, 14 Feb 2014 13:02:20 +0000
      • Jakub ZelenkaFri, 14 Feb 2014 13:10:48 +0000
      • Pierre JoyeFri, 14 Feb 2014 13:53:00 +0000
        • Jakub ZelenkaFri, 14 Feb 2014 14:19:22 +0000
          • Andrey AndreevFri, 14 Feb 2014 14:54:54 +0000
            • Jakub ZelenkaFri, 14 Feb 2014 15:30:38 +0000
              • Pierre JoyeFri, 14 Feb 2014 15:41:04 +0000
              • Pádraic BradySat, 15 Feb 2014 11:59:34 +0000
                • Jakub ZelenkaSat, 15 Feb 2014 12:50:32 +0000
          • Pierre JoyeFri, 14 Feb 2014 15:09:33 +0000