On 10/5/15, 11:34 AM, "Scott Arciszewski" <sc...@paragonie.com> wrote:
>
>You mentioned diceware. Incidentally,
>https://paragonie.com/blog/2015/07/common-uses-for-csprngs-cryptographically-secure-pseudo-random-number-generators#diceware
>
>Some problems (i.e. random_int) should be fixed at a language level.
>Others, through education. In the end, this might be an education
>issue.
>
>Scott Arciszewski
>Chief Development Officer
>Paragon Initiative Enterprises <https://paragonie.com>

Hi Scott,

I don't think a random string generator or the other stuff I mentioned
should be in the standard PHP API. If PHP wants to help with this sort of
thing (I think it would be valuable) the better way is a new ext with a
class that provides some utility methods and such, as I described before.

With respect to your code, if you assume an opcode cache, a trait is a
decent way to save a large lookup table, such as the Diceware word list,
as a PHP array. Examples in the two data trait classes here:
https://github.com/tom--/precis Better still, compile it into PHP.

Your random string generator appears to assume either that the $charset
string is limited to ASCII7 (Basic Latin) or that the PHP file is Latin
encoded. I don't think it's a safe assumption to make in 2015.

Tom



-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
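
The charset-encoding point in Tom's reply, as an added illustration (not code from this thread or from the linked blog post): a byte-indexed generator next to one that splits the charset into UTF-8 characters first. The function names are hypothetical, and the example assumes the source file is saved as UTF-8 and PHP 7+ for `random_int`.

```php
<?php
declare(strict_types=1);

// Hypothetical byte-indexed generator: only correct for single-byte charsets.
function random_string_bytes(int $length, string $charset): string
{
    $max = strlen($charset) - 1;          // strlen() counts bytes
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $charset[random_int(0, $max)];   // one byte, maybe half a character
    }
    return $out;
}

// Hypothetical character-indexed generator: split into UTF-8 characters first.
function random_string_chars(int $length, string $charset): string
{
    $chars = preg_split('//u', $charset, -1, PREG_SPLIT_NO_EMPTY);
    if ($chars === false) {
        throw new InvalidArgumentException('charset is not valid UTF-8');
    }
    $chars = array_values(array_unique($chars));  // duplicates would bias the output
    if (count($chars) < 2) {
        throw new InvalidArgumentException('charset needs at least two distinct characters');
    }
    $max = count($chars) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $chars[random_int(0, $max)];
    }
    return $out;
}

// True when $s is well-formed UTF-8 (preg_match returns false on invalid input).
function is_utf8(string $s): bool
{
    return preg_match('//u', $s) === 1;
}

// Constructed sample charset; each character is two bytes in UTF-8.
$charset = 'äöüß';
$byBytes = random_string_bytes(8, $charset);
$byChars = random_string_chars(8, $charset);

printf("byte-indexed: %d bytes, valid UTF-8: %s\n", strlen($byBytes), var_export(is_utf8($byBytes), true));
printf("char-indexed: %d bytes, valid UTF-8: %s\n", strlen($byChars), var_export(is_utf8($byChars), true));
```

For this charset the byte-indexed version usually produces malformed UTF-8, and because four of the eight bytes are the same lead byte (0xC3) its output is also skewed toward that byte.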
