On 15/03/2015 04:23, Sammy Kaye Powers wrote:
> A two week discussion period has been held for the reliable user-land
> CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now been
> moved into voting.
>
> https://wiki.php.net/rfc/easy_userland_csprng
>
> There was some discussion of prefixing the function names with `crypto_*()`
> but there are a few reasons we decided against this:
>
> 1) There is a crypto pecl extension, so the pseudo-namespace might cause
> confusion.
> 2) We want to work on a fully featured crypto framework for 7.1, and
> crypto_* is a good prefix for that, so again, we don't want to mix things
> up.

Disclaimer: I do know a little about security, but I am not a
crypto-expert by any means. If I'm saying something silly, just let me
know ;)
I want to vote yes, but naming is something that scares me a bit.
Without any indication that it's CSPRNG, people might start using it
even when unnecessary, and I'd be worried about potential negative
effects, such as exhausting the entropy pool. It's probably more of a
documentation problem, but we know many won't read the docs and a "hint"
in the function name could help guide users.
For example, it would be overkill to use random_int() to randomly pick
the content of a box at each reload of a web page, but if what I need
is a *random int*, then random_int() seems a far better choice than some
obscure rand() or mt_rand().
Or in the poker deck example, wouldn't it be enough just to seed
mt_srand with a crypto-secure number to remove the biasing and use
mt_rand to shuffle the deck?
Cheers
--
Matteo Beccati
Development & Consulting - http://www.beccati.com/
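
Added example (not part of the original message or the RFC), assuming 64-bit PHP 7.1 or later: it works through the poker-deck question above by comparing a Fisher-Yates shuffle driven by a once-seeded `mt_rand()` with one driven by `random_int()`. The helper names `shuffle_deck` and `bits_for_permutations` are hypothetical.

```php
<?php
// Added illustration: a deck shuffle driven by a seeded mt_rand() next to
// one driven by random_int(). Helper names are hypothetical.

/** Fisher-Yates shuffle; $pick(int $min, int $max): int supplies the randomness. */
function shuffle_deck(array $deck, callable $pick): array
{
    for ($i = count($deck) - 1; $i > 0; $i--) {
        $j = $pick(0, $i);
        [$deck[$i], $deck[$j]] = [$deck[$j], $deck[$i]];
    }
    return $deck;
}

/** log2(n!): bits of randomness needed to reach every ordering of n cards. */
function bits_for_permutations(int $n): float
{
    $bits = 0.0;
    for ($k = 2; $k <= $n; $k++) {
        $bits += log($k, 2);
    }
    return $bits;
}

$deck = range(1, 52);

// Approach from the message: one CSPRNG-derived seed, then mt_rand().
// mt_srand() keeps only 32 bits of seed, so the whole deck order is a
// function of that one value: at most 2^32 distinct decks can ever appear.
$seed = random_int(0, 0xFFFFFFFF);
mt_srand($seed);
$a = shuffle_deck($deck, 'mt_rand');
mt_srand($seed);                       // same seed again
$b = shuffle_deck($deck, 'mt_rand');   // reproduces the identical deck

// CSPRNG for every draw: the order is not determined by a 32-bit seed.
$c = shuffle_deck($deck, 'random_int');

printf("orderings of 52 cards need %.1f bits; an mt_srand() seed holds 32\n",
    bits_for_permutations(52));
printf("same seed reproduces the deck: %s\n", $a === $b ? 'yes' : 'no');
printf("random_int() deck (first 5): %s\n", implode(' ', array_slice($c, 0, 5)));
```

The seed being unpredictable does not widen the generator's state: every card after the seed is chosen follows deterministically from it.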