Re: unify entropy source for all php related functions
On Sat, Feb 15, 2014 at 11:59 AM, Pádraic Brady <[email protected]> wrote:
> Hi,
>
> On 14 February 2014 15:30, Jakub Zelenka <[email protected]> wrote:
> > It uses /dev/urandom for seeding the PRNG. It means that it reads only
> > 32 bytes (256 bits) from it. If you call openssl_random_pseudo_bytes you
> > will get bytes generated by the PRNG
> >
> >
> >> - $crypto_strong will always be true on Linux (UNIX-whatever)
> >>
> >
> > Yes. The reason is that /dev/urandom is non-blocking and you will always
> > get enough entropy from it. You don't have to check the flag on Linux
> > because it will always be true!
> >
> > The point is that OpenSSL considers /dev/urandom strong enough for
> > seeding a CSPRNG.
> >
> > Jakub
>
> There are the three categories:
>
> 1. Non-Cryptographically Deterministic PRNG
> 2. Entropy Input PRNG
> 3. Cryptographically Secure PRNG
>
> OpenSSL is the second. /dev/urandom is also the second. /dev/random is
> the third (after a warmup period!). Something like rand() would be in
> the first under the assumption that time is predictable.
>
> Those are the technical categories anyway... In reality, you can use a
> non-CSPRNG for cryptographic needs over the short term. If you can't,
> it means the damn thing is broken ;). If you have something like a
> long-term or high-value cryptographic product, you won't want to stint
> on entropy and you won't want to run afoul of any future issue with
> the entropy collection or mixing, and you're probably not going to
> even use a machine remotely susceptible to inactivity (which may limit
> the entropy sources).
>
> Be careful of taking claims at face value where definitions are in doubt.
>
> Paddy
>
>
>
Thanks for the explanation. It makes sense.
I thought that they consider the PRNG as Cryptographically Secure because
the documentation states that it produces cryptographically strong
pseudo-random bytes:
http://www.openssl.org/docs/crypto/RAND_bytes.html
(RAND_bytes is equal to RAND_pseudo_bytes on Linux)
Jakub
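The practical point of the exchange is that `$crypto_strong` is an output flag from the OpenSSL extension, and that a caller should still check it (and the return value) rather than assume the Linux behaviour. The following is an added example, not code from this thread or from the PHP or OpenSSL projects: a PHP 5-compatible helper, `secure_random_bytes()` (my own name), that refuses weak output from `openssl_random_pseudo_bytes()` and falls back to reading `/dev/urandom`, the same source the thread says OpenSSL seeds from. It assumes only the documented signature `openssl_random_pseudo_bytes($length, &$crypto_strong)` and a readable `/dev/urandom`. On PHP 7 and later, `random_bytes()` does this job natively and should be preferred.

```php
<?php
// Added example (not from the php-internals thread). Assumes the documented
// openssl_random_pseudo_bytes($length, &$crypto_strong) signature and a
// readable /dev/urandom. secure_random_bytes() is a hypothetical helper name.

/**
 * Return exactly $length random bytes suitable for keys and tokens, or throw.
 *
 * $crypto_strong is set by the OpenSSL extension. On Linux builds it is
 * always true because OpenSSL seeds its PRNG from /dev/urandom, but the
 * function can also return false or set $crypto_strong to false on other
 * platforms or misconfigured builds. Checking both costs nothing; the
 * failure mode of not checking is a predictable key.
 */
function secure_random_bytes($length)
{
    if (!is_int($length) || $length <= 0) {
        throw new InvalidArgumentException('length must be a positive integer');
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true && strlen($bytes) === $length) {
            return $bytes;
        }
        // Fall through: failure or non-strong output is not acceptable here.
    }

    // Fallback: read the kernel CSPRNG directly. /dev/urandom never blocks,
    // but fread() may still return short reads, so loop until filled.
    $fh = @fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        throw new RuntimeException('no usable CSPRNG source available');
    }
    $bytes = '';
    while (strlen($bytes) < $length) {
        $chunk = fread($fh, $length - strlen($bytes));
        if ($chunk === false || $chunk === '') {
            fclose($fh);
            throw new RuntimeException('short read from /dev/urandom');
        }
        $bytes .= $chunk;
    }
    fclose($fh);
    return $bytes;
}

// Usage: a 256-bit key and a URL-safe session token (constructed example values).
$key   = secure_random_bytes(32);
$token = rtrim(strtr(base64_encode(secure_random_bytes(24)), '+/', '-_'), '=');
printf("key:   %s\ntoken: %s\n", bin2hex($key), $token);
```

The fallback deliberately throws instead of degrading to `mt_rand()` or `uniqid()`: a token generator that silently switches to a non-cryptographic PRNG is exactly the "category 1" source Pádraic describes, and the application cannot tell the difference after the fact.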