Hi,

> I ask this because the OpenSSL option here is the only CSPRNG; The others
> are trivially breakable and should not be used for cryptographic
> applications. I could see an argument for wanting to use them in
> non-security contexts but I'm wondering if the API should make it clear
> when that is being done.
>
If you mean openssl_random_pseudo_bytes, then it's not a CSPRNG because it calls RAND_pseudo_bytes. You would have to use RAND_bytes to have a CSPRNG, but then you would have to seed it before calling. See http://www.openssl.org/docs/crypto/RAND_bytes.html and the OpenSSL sources for more details. I don't think that using OpenSSL here is a good idea. There should be a better framework or new functions for dealing with OpenSSL Rand, but that's a bit off topic...

The whole proposal is a bit confusing for me. The combination of a PRNG algorithm (MT) with libraries (libc, OpenSSL, GMP) that implement one or more PRNG algorithms just doesn't make sense to me. It doesn't say anything about the speed and crypto strength of the algorithms. I think that a much better solution would be an extension that implements a couple of algorithms. Then you could select which algorithm you want to use. A good idea would be to have some reasonable default algorithm that would be used if the user doesn't know anything about algorithms. This could be implemented as an extension and, if it's good enough, then it could be proposed as a core addition.

Jakub
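The point above about openssl_random_pseudo_bytes not being a CSPRNG by itself is the reason callers should check how the bytes were produced before using them for keys or tokens. The following is an added example, not code from the thread or from PHP itself; it assumes the documented second by-reference parameter of openssl_random_pseudo_bytes (the $crypto_strong flag) and refuses output that PHP does not report as cryptographically strong.

```php
<?php
// Added example (not part of the original message).
// Request random bytes from openssl_random_pseudo_bytes() and use them only
// when PHP reports that OpenSSL generated them with a cryptographically
// strong generator. Assumes the second by-reference parameter
// ($crypto_strong) described in the PHP manual for this function.
function secure_random_bytes(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }

    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);

    // A false return, a short buffer, or a non-strong flag all mean the
    // output came from a generator that is not suitable for secrets.
    if ($bytes === false || strlen($bytes) !== $length || $strong !== true) {
        throw new RuntimeException('OpenSSL did not return cryptographically strong bytes');
    }

    return $bytes;
}

// Usage: a 32-byte token, hex-encoded for transport. Any failure surfaces as
// an exception instead of silently falling back to weak bytes.
echo bin2hex(secure_random_bytes(32)), PHP_EOL;
```

Treating a false $crypto_strong flag as a hard failure, rather than logging and continuing, is the design choice that matters here: code that silently accepts the weaker output has the same problem the message describes, just hidden one layer deeper.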