Hi Yasuo, Pierre, Thank you both for the updates.
I expect the vote to remove mcrypt can be shifted towards "yes" if some campaigning effort is made. I made a start in another thread. Assuming that mcrypt goes, as it should, we are left with a problem. The PHP user doesn't have a platform-independent way to get pseudo-random bytes for crypto. OpenSSL's RNG is not to be trusted. If the user knows this (I wouldn't bet on it) then she has to resort to accessing the platform RNG directly. On Unix-like system's it is technically easy but much confusion is caused by the Linux man page with its myth that urandom is unsafe for crypto. On Windows I just have no idea how the user might proceed. So I really think the "Reliable, userfriendly RNG APIs" idea in the wiki is very important. Tom -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
