Re: [PHP6] Merging rand and mt_rand()

From: Date: Wed, 26 Feb 2014 08:13:16 +0000
Subject: Re: [PHP6] Merging rand and mt_rand()
References: 1  Groups: php.internals 
Request: Send a blank email to [email protected] to get a copy of this message
Hi Rowen,


On Sun, Feb 23, 2014 at 7:45 PM, Rouven Weßling <[email protected]> wrote:
> Hello internals,
>
> there has already been a lot of talk about improving secure random number generation for PHP6.
> One thing I'd like to improve as well, would be non-secure random number generation. Here is
> not so much security at stake but ease of use.
>
> The obvious solution, would be to rename mt_rand to rand and make rand an alias. (The same for
> the supporting functions mt_srand and mt_getrandmax).
>
> What I'm missing is the history. What was the reason to keep the separate? Am I missing
> something?

I totally agree with your goals. There are too many ways to do the
same operations, in many areas. However I am not a fan of breaking BC
(even in small ways) without an actual big benefit. It is always easy
to remove, kill, change functions to make them "better". Adding each
single change together will make a migration to a given version almost
impossible or very painful. I would go with a soft way.

In the case of the random functions, as I said in previous
discussions, I tend to go with a new APIs, clean, with a couple more
algorithms as well as easy to use functions for the common usages
(crypto safe or not). Anthony implemented something in userland, there
are a couple of libraries available too (in C, used by python f.e.)
providing very handy APIs. That's the way I would choose.

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org


Thread (15 messages)

« previous php.internals (#72816) next »