Hi! > I want to vote yes, but naming is something that scares me a bit. > Without any indication that it's CSPRNG, people might start using it > even when unnecessary, and I'd be worried about potential negative > effects, such as exhausting the entropy pool. It's probably more of a
After reading http://www.2uo.de/myths-about-urandom/, I have hard time seeing how "exhausting entropy pool" would be a real problem.I mean, if running PRNG for "too long" is dangerous, wouldn't we already have much more serious problem with encryption routines based on them which basically do it all the time? Maybe I don't understand the crypto theory under this enough, in which case it may be interesting to read something that explains how that happens and what is the actual problem there. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
