On Wednesday 15 June 2016, 21:43:05 Fleshgrinder wrote:
> But let us stop that now. I already wrote that someone should come up
> with use cases for predictable random numbers other than creating
> insecure secrets. This is the main problem that needs solving, people
> using this stuff without knowing what they do.
> 
> Keep in mind that anyone or anything (company) that requires predictable
> random numbers for their software (e.g. game) wants to have more control
> over distribution and ways to tweak it. Hence, they will directly
> implement it straight on their own anyways. Business rules are more
> important in such domains than readily available built-in stuff.
> Otherwise many people would not have jobs. :P
> 
> If they really don't want to they can still fall back to PECL. I really
> do not see the shared hosting as a big argument here because shared
> hosting directly falls back to web application and -- as I said before
> -- in this context the requirement for predictable random numbers is
> pretty much nil.
> 
> Just prove me wrong and show me where it is needed.
> 
> Drupal? Symfony? Zend? Wordpress? PhpBB? ...?

Hello,

An example I can think of where reproducible RNG could be needed (outside of
the obvious case of games, and I’m not sure why it’s not enough), is the
generation of random images based on a user’s information, as Gravatar is doing
for instance.

So, for me PHP must have a way of providing reproducible random sequences. But
that does not mean it has to be the same functions as before, I would be fine
if (mt_)(s)rand are deprecated and some other method allows doing this.
But I’m a bit confused about whether people are arguing over keeping the rand
method or over whether we need reproducible RNG at all.

Côme
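
The use case raised in this message (an avatar pattern derived reproducibly from a user's information), as an added example that is not part of the original message or of PHP itself. `SeededRng` and `identicon()` are hypothetical names; the code assumes PHP 7.4+ on a 64-bit build and uses a self-contained xorshift32 generator instead of mt_srand()/mt_rand(), so the sequence does not depend on global seed state.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: a small xorshift32 generator with its own state.
// Reproducible by design, so suitable for pictures and never for secrets
// (random_bytes()/random_int() are the functions for those).
final class SeededRng
{
    private int $state;

    public function __construct(int $seed)
    {
        // xorshift32 cannot start from 0; substitute a fixed non-zero state.
        $this->state = ($seed & 0xFFFFFFFF) ?: 0x9E3779B9;
    }

    public function next(): int
    {
        $x = $this->state;
        $x ^= ($x << 13) & 0xFFFFFFFF;
        $x ^= $x >> 17;
        $x ^= ($x << 5) & 0xFFFFFFFF;
        return $this->state = $x & 0xFFFFFFFF;
    }
}

// Hypothetical function: the same address always yields the same pattern.
function identicon(string $email, int $size = 5): string
{
    // Seed = first 32 bits of a hash of the normalized address.
    $digest = hash('sha256', strtolower(trim($email)), true);
    $rng = new SeededRng(unpack('N', substr($digest, 0, 4))[1]);

    $half = intdiv($size + 1, 2);   // columns drawn before mirroring
    $rows = [];
    for ($y = 0; $y < $size; $y++) {
        $left = '';
        for ($x = 0; $x < $half; $x++) {
            $left .= (($rng->next() >> 16) & 1) ? '#' : '.';
        }
        // Mirror the left part so the pattern is horizontally symmetric.
        $rows[] = $left . strrev(substr($left, 0, $size - $half));
    }
    return implode("\n", $rows);
}

// Constructed sample input: two spellings of one address give one pattern.
echo identicon('user@example.org'), "\n\n";
var_dump(identicon('user@example.org') === identicon(' User@Example.org '));
```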
