Hi all,

On Thu, Feb 2, 2017 at 12:47 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:

>
> Posting RFC draft before discussion
>
> https://wiki.php.net/rfc/improve_predictable_prng_random
>
> This RFC includes results of recent PRNG related discussions.
> I would like to keep it simple, but basic object feature will be
> implemented.
>
> Methods could raise exceptions for invalid operations rather than ignoring.
>
> Comments?
>

I realized BC in PHP 7.1 is not so obvious. I added what's broken by PHP
7.1.
I also made to raise exception for insane usage.
Reseed cycle can be set up to 2^31.

https://wiki.php.net/rfc/improve_predictable_prng_random

RFC is written to implement to be minimal/enough to fix issues
consistently.
Adding new Random object or methods are easy if these are needed.
Please note that RFC objectives are
 - Fix BC made by PHP 7.1. (For PHP 7.1, we may simply add new state for
rand()/srand(), but this is out of scope)
 - Use MT rand optimal way
 - Keep it simple to be minimal
 - Keep consistency across APIs

There are worry about CSPRNG overhead, reading 2500 bytes from CSPRNG
on PHP 7.1-dev debug build took less than 0.00001 sec with my PC.

[yohgaki@dev PHP-7.1]$ ./php-bin -d error_reporting=-1 -r '$s =
microtime(true);for ($i=0; $i<1000; $i++) $n=random_bytes(2500);
var_dump(microtime(true)-$s);'
float(0.010347843170166)

Since it will reseed 1 in 100, average overhead is less than 0.0000001 sec
with debug build. 100 seems good choice. IMO. I don't mind to use larger
reseed cycle default if it isn't too large.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net

Reply via email to