On Thu, Feb 26, 2015 at 12:48 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: > Hi! > >> I'm cool with that idea but I also think it should be spelled out like ` >> random_crypto_*()` as Pierre suggests. I like `secure_random_bytes()` but >> that's because it's what Ruby names their CSPRNG. :) > > The custom is that the first word names the function group (yes, I know > old functions do not follow it, but this is new one). Unless we're going > to introduce a group of functions called secure_*, random_* is a natural > choice. I would be careful with using words like "secure", "crypto" etc. > in general because they may be easily misunderstood - something like > random_bytes() would do as well I think.
I agree. It should (and it is the case in the RFC) starts with random_. As of "crypto", it is something different here as it does match what it actually does, provides crypto safe PRNG. And the term "crypto safe" is a well defined term. Yes, many users confuse "good", "strong" and "crypto safe", but this is a documentation and education issue and we should not invent new wording for industry standards. -- Pierre @pierrejoye | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
