Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-14 Thread Pierre Joye
On Oct 14, 2015 4:06 PM, "Sebastian Bergmann" wrote: > > On 10/13/2015 04:59 PM, Anthony Ferrara wrote: > > Overall, I don't think this should be ported back to 5.x > > +1 Same here. There are working solutions already for 5.4+, for example openssl rng functions and compat. Cheers, Pierre

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-14 Thread Sebastian Bergmann
On 10/13/2015 04:59 PM, Anthony Ferrara wrote: > Overall, I don't think this should be ported back to 5.x +1 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-13 Thread Tom Worster
On 10/13/15, 10:59 AM, "Anthony Ferrara" wrote: > >Overall, I don't think this should be ported back to 5.x > >First off, it's pretty late in both 5.5 and 5.6 lifetimes (5.6 is >already up to .14). > >Introducing a feature this late would basically make it useless to the >vast majority of users of

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-13 Thread Anthony Ferrara
Tom, On Tue, Oct 13, 2015 at 10:17 AM, Tom Worster wrote: > On 10/12/15 10:53 PM, Larry Garfield wrote: >> >> On 10/12/2015 07:29 PM, Tom Worster wrote: >>> >>> Could we regard random_bytes() as a security patch rather than a new >>> feature and therefore port it to PHP 5? >>> >>> Error handling

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-13 Thread Rowan Collins
Tom Worster wrote on 13/10/2015 01:29: Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5? Whether or not it's good for security, it's still a feature - you still have to code your application to depend on this feature being present, or

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-13 Thread Tom Worster
On 10/12/15 10:53 PM, Larry Garfield wrote: On 10/12/2015 07:29 PM, Tom Worster wrote: Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5? Error handling would have to change but that should be feasible. Iirc, earlier commits of random_by

Re: [PHP-DEV] Port random_bytes to PHP 5

2015-10-12 Thread Larry Garfield
On 10/12/2015 07:29 PM, Tom Worster wrote: Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5? Error handling would have to change but that should be feasible. Iirc, earlier commits of random_bytes() had PHP 5-like behavior on error. My m

[PHP-DEV] Port random_bytes to PHP 5

2015-10-12 Thread Tom Worster
Could we regard random_bytes() as a security patch rather than a new feature and therefore port it to PHP 5? Error handling would have to change but that should be feasible. Iirc, earlier commits of random_bytes() had PHP 5-like behavior on error. My motivation: it's easier to defend abandoning O