Hi Leigh,

> We're still discussing whether a userland (non-kernel userland)
> implementation of arc4random is wise. We need to put some feelers out
> and consult some experts on this,
I wouldn't. As Thomas Ptacek put it, quoting the article I linked before:

You want to use the kernel's CSPRNG, because:

* The kernel has access to raw device entropy.
* It can promise not to share the same state between applications.
* A good kernel CSPRNG, like FreeBSD's, can also promise not to feed you random data before it's seeded.

Study the last ten years of randomness failures and you'll read a litany of userspace randomness failures. Debian's OpenSSH debacle? Userspace random. Android Bitcoin wallets repeating ECDSA k's? Userspace random. Gambling sites with predictable shuffles? Userspace random.

Userspace generators almost always depend on the kernel's generator anyways. Even if they don't, the security of your whole system sure does. A userspace CSPRNG doesn't add defense-in-depth; instead, it creates two single points of failure.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
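An added illustration of the second point above (example code, not from this thread or from PHP): a generator whose state lives in process memory is copied by fork(2), so parent and child hand out the same value, while two reads from the kernel generator do not. The splitmix64 step is a stand-in for any in-process generator, not a CSPRNG, and /dev/urandom stands in for whatever kernel interface the platform offers.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy in-process generator (splitmix64). It is NOT a CSPRNG; it only stands in
   for any userspace generator whose state lives in process memory. */
typedef struct { uint64_t state; } ugen_t;

static uint64_t ugen_next(ugen_t *g) {
    uint64_t z = (g->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Read 8 bytes from the kernel generator (/dev/urandom, for portability). */
static int kernel_random(uint64_t *out) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, out, sizeof *out);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* Draw one value either from the kernel or from the in-process generator. */
static int draw(int use_kernel, ugen_t *g, uint64_t *out) {
    if (use_kernel) return kernel_random(out);
    *out = ugen_next(g);
    return 0;
}

/* Seed the userspace generator from the kernel, fork, and let parent and child each
   draw one value. Returns 1 if both got the same value, 0 if they differed, -1 on error. */
static int fork_shares_output(int use_kernel) {
    ugen_t g;
    int p[2];
    uint64_t mine, theirs;
    if (kernel_random(&g.state) != 0 || pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: inherits a byte-for-byte copy of g */
        uint64_t v;
        if (draw(use_kernel, &g, &v) != 0 || write(p[1], &v, sizeof v) != (ssize_t)sizeof v) _exit(1);
        _exit(0);
    }
    close(p[1]);
    if (read(p[0], &theirs, sizeof theirs) != (ssize_t)sizeof theirs) return -1;
    close(p[0]);
    waitpid(pid, NULL, 0);
    if (draw(use_kernel, &g, &mine) != 0) return -1;
    return mine == theirs;                /* 1 on the userspace path, 0 on the kernel path */
}
```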