On 6/21/16, 1:43 PM, "Fleshgrinder" <p...@fleshgrinder.com> wrote:

>Yes, let's ask the users! But we don't do that, we just discuss it here.
>How could we create such a poll that reaches many people? Maybe Reddit?

Perhaps you misunderstand what I intended by leaving the choice to users.
If we add a new RNG and keep the existing ones then each user can make an
independent choice.


>That being said, I repeat myself now, nikic also proposed to deprecate
>rand() and having pcg_rand() as a modern replacement for mt_rand()

I admire O'Neill's work and her paper and I find the generators and
related theory very interesting. I'm not sure they are sufficiently well
scrutinized and tested. Afaik, the status of this work is: there's an
unpublished paper, a web site, some implementations and a conversation on
reddit. Among other things, O'Neill makes claims about suitability for
crypto. If PHP chooses PCG as its new RNG, that constitutes a strong
endorsement and I wonder who among us can confirm the work.

I think there's also an argument against using an RNG that makes specific
unpredictability claims since this confuses the distinction between it and
random_bytes(). People may think that once seeded it's a fast alternative.

Tom



-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
