Re: unify entropy source for all php related functions
On Fri, Feb 14, 2014 at 1:53 PM, Pierre Joye <[email protected]> wrote:
> On Feb 14, 2014 8:02 PM, "Andrey Andreev" <[email protected]> wrote:
>
> > So how does openssl_random_pseudo_bytes() work without blocking then?
>
> Because it tells you if the result is crypto safe or not:
>
> string *openssl_random_pseudo_bytes* (int $length [, bool &$crypto_strong]
> )
>
> If you want only crypto safe result another function has to be used (on
> opennssl).
>
That's not the way how it works in md_rand. The ssleay_rand_pseudo_bytes
(Rand_psedobytes called in openssl_random_pseudo_bytes) is just a wrapper
for ssleay_rand_bytes with pseudo flag set to 1. ssleay_rand_bytes first
calls Rand_poll that adds the entropy. The thing is that the entropy is
taken from /dev/urandom on Unix. It means you will always have enough
entropy on Linux and the functions returns 1 ($crypto_strong is set to
true). You won't get false on Linux though. The reason of the flag in
OpenSSL is if you run it in on some platform that can't provide enough
entropy which is not the case on Linux. Please see the sources for more
details.
Thanks
Jakub
Thread (32 messages)