I have also set up a github repo with 4 files in it. It is a first hack of a function that does part of what I described in the RFC. It's based on the interface of openssl_random_pseudo_bytes() and the guts of mcrypt_create_iv(). It is provisionally named cs_random_bytes().
For now it builds and works at least this much: $ sapi/cli/php -r 'echo bin2hex(cs_random_bytes(8)) . PHP_EOL;' 4cd0965922470560 The hard work will be implementing the $is_strong_result flag in a platform independent way. You need to read the status of the entropy pool. The current code does that for Linux (maybe?). On FreeBSD you use sysctl(3) to read kern.random.sys.seeded. On OS X you ask securityd. Windows is actually easier. And what about other OSs? What is PHP normally tested on and would that be a suitable guide for cs_random_bytes()? In any case, I am no C programmer. I'm just a web dev. I don't even know how to ask if sysctl(3) is present. Tom On 1/8/12 7:42 PM, "Tom Worster" <f...@thefsb.org> wrote: >I added the new RFC https://wiki.php.net/rfc/csrandombytes which is in its >first draft. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
