Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-29 Thread Leigh
Hi all, Voting has now closed on this RFC. The feature has been accepted for PHP 7 with votes of 41 - 0. Thanks to all who participated in the discussion and gave feedback. Regards, Leigh.

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-27 Thread Pascal Martin, AFUP
On 15/03/2015 04:23, Sammy Kaye Powers wrote: A two week discussion period has been held for the reliable user-land CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now been moved into voting. Hi, We've talked about this RFC with other people at AFUP and are +1. Thanks! -

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-16 Thread Matteo Beccati
Hi, On 16/03/2015 00:25, Leigh wrote: Indeed we would, it's the kind of issue that would get solved pretty quickly (imho). Maybe it was an issue at some point in the past and there's still misinformation out there? Who knows, it certainly isn't an issue today. thanks everyone for the clarifi

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Leigh
On 15 March 2015 at 22:56, Stanislav Malyshev wrote: > > if > running PRNG for "too long" is dangerous, wouldn't we already have much > more serious problem with encryption routines based on them which > basically do it all the time? Indeed we would, it's the kind of issue that would get solved

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Stanislav Malyshev
Hi! > I want to vote yes, but naming is something that scares me a bit. > Without any indication that it's CSPRNG, people might start using it > even when unnecessary, and I'd be worried about potential negative > effects, such as exhausting the entropy pool. It's probably more of a After reading

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Nikita Popov
On Sun, Mar 15, 2015 at 11:29 AM, Matteo Beccati wrote: > On 15/03/2015 04:23, Sammy Kaye Powers wrote: > >> A two week discussion period has been held for the reliable user-land >> CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now >> been >> moved into voting. >> >> https://

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Leigh
On 15 March 2015 at 13:17, Pádraic Brady wrote: > > Were folk to use random_int() by default, it would actually be > considerably better than the situation today where many reach for > mt_rand() without really considering the use case. Using a strong > source of ints instead of a weak source st

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Leigh
On 15 March 2015 at 10:29, Matteo Beccati wrote: > > I want to vote yes, but naming is something that scares me a bit. Without > any indication that it's CSPRNG, people might start using it even when > unnecessary, and I'd be worried about potential negative effects, such as > exhausting the entro

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Pádraic Brady
Hi Matteo, On 15 March 2015 at 10:29, Matteo Beccati wrote: > Disclaimer: I do know a little about security, but I am not a crypto-expert > by any means. If I'm saying something silly, just let me know ;) > > I want to vote yes, but naming is something that scares me a bit. Without > any indicati

Re: [PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-15 Thread Matteo Beccati
On 15/03/2015 04:23, Sammy Kaye Powers wrote: A two week discussion period has been held for the reliable user-land CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now been moved into voting. https://wiki.php.net/rfc/easy_userland_csprng There was some discussion of prefixing

[PHP-DEV] [RFC] [VOTE] Vote open for reliable user-land CSPRNG

2015-03-14 Thread Sammy Kaye Powers
A two week discussion period has been held for the reliable user-land CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now been moved into voting. https://wiki.php.net/rfc/easy_userland_csprng There was some discussion of prefixing the function names with `crypto_*()` but there