Re: unify entropy source for all php related functions

From: Date: Fri, 14 Feb 2014 12:03:12 +0000
Subject: Re: unify entropy source for all php related functions
Groups: php.internals 
Hi,

I'm not a cryptographer and therefore I might be missing something
here, but I've read quite a lot about this recently and ALL sources
say that /dev/urandom is both widely used and considered safe for
cryptography. Only a select few mention that it could be a bit weaker
in specific cases, in theory.

AFAIK, that's even what every crypto-related functionality in PHP uses
for randomness, except maybe for mcrypt_create_iv() which by default
uses /dev/random, but has the option to switch. So why the 2 options?

And then there are some issues with it being an ini setting (or two) ...

Somebody mentioned that because this is sensitive, it must not be
changeable during runtime - I agree with that to some extent, but
unless I'm administrating the server:

 - what if it is set to a weak source and I want to switch to a stronger?
 - what if I need a non-blocking one and it is set to /dev/random?
 - what's the point of default values, if they are to be somehow
detected depending on the OS?

If it was up to me, I'd just introduce a function, i.e. prng(bool
$crypto, bool $blocking) and auto-detect the strongest possible
source. Other stuff like session ID generation surely can use that
under the hood.

Regards,
Andrey Andreev.

