Hi all, On Thu, Feb 2, 2017 at 12:47 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> > Posting RFC draft before discussion > > https://wiki.php.net/rfc/improve_predictable_prng_random > > This RFC includes results of recent PRNG related discussions. > I would like to keep it simple, but basic object feature will be > implemented. > > Methods could raise exceptions for invalid operations rather than ignoring. > > Comments? > I realized BC in PHP 7.1 is not so obvious. I added what's broken by PHP 7.1. I also made to raise exception for insane usage. Reseed cycle can be set up to 2^31. https://wiki.php.net/rfc/improve_predictable_prng_random RFC is written to implement to be minimal/enough to fix issues consistently. Adding new Random object or methods are easy if these are needed. Please note that RFC objectives are - Fix BC made by PHP 7.1. (For PHP 7.1, we may simply add new state for rand()/srand(), but this is out of scope) - Use MT rand optimal way - Keep it simple to be minimal - Keep consistency across APIs There are worry about CSPRNG overhead, reading 2500 bytes from CSPRNG on PHP 7.1-dev debug build took less than 0.00001 sec with my PC. [yohgaki@dev PHP-7.1]$ ./php-bin -d error_reporting=-1 -r '$s = microtime(true);for ($i=0; $i<1000; $i++) $n=random_bytes(2500); var_dump(microtime(true)-$s);' float(0.010347843170166) Since it will reseed 1 in 100, average overhead is less than 0.0000001 sec with debug build. 100 seems good choice. IMO. I don't mind to use larger reseed cycle default if it isn't too large. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net