Re: unify entropy source for all php related functions

From: Date: Thu, 13 Feb 2014 07:21:07 +0000
Subject: Re: unify entropy source for all php related functions
References: 1  Groups: php.internals 
Hi all,

On Fri, Feb 7, 2014 at 8:25 PM, Pierre Joye <[email protected]> wrote:

> There are a lot of additions and discussions about entropy source and
> (P)RNG lately.
>
> PHP already has an ini setting to define a strong entropy source for
> the session module, which defaults to urandom or arandom.
>
> I would like to create two settings to unify the entropy source
> across php functions. That includes mcrypt, new password APIs,
> session, LCG, etc.
>
> Something along this line:
>
> random.entropy_strong_source (/dev/(u|a)random etc.)
> random.entropy_crypto_source (/dev/random etc.)
>
> I am not willing to propose new RNG functions or extensions for 5.6 as
> we have way too little time to actually discuss its design and APIs.
> However having these settings unified and documented would be a good
> step forward already.
>
> Thoughts?
>

I would like to have this.
This simplifies code that uses /dev/*random.

I may write a patch for this as well as
rand_strong_bytes()/rand_crypto_bytes().
Since it's too late for 5.6, I'll commit only to master.
Does anyone think this change needs an RFC?

Or, if this is mandatory for good security, include it in 5.6?
What do you think, Julien?

Regards

--
Yasuo Ohgaki
[email protected]

