On 10/12/2015 07:29 PM, Tom Worster wrote:
Could we regard random_bytes() as a security patch rather than a new
feature and therefore port it to PHP 5?
Error handling would have to change but that should be feasible. Iirc,
earlier commits of random_bytes() had PHP 5-like behavior on error.
My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in
paragonie/random_compat) if we could say to Windows users stuck with
nothing else: "Upgrade to the latest point release of PHP 5.x. It has a
proper fix."
Tom
Since there's no 5.7 release planned, you're talking about adding it in
a 5.6.x? What's wrong with the random_compat library as a solution for
5.6 users?
--Larry Garfield
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
