Hey Tom!
> According to one argument that has a lot of currency, it does.
You have great points that I totally agree with; after all, my
original proposal was to alias to random_bytes(). But this RFC just
targets the implementation problems, not the OpenSSL CSPRNG itself. We
already discussed in

Hi Sammy,
On 22 Oct 2018, at 9:46, Sammy Kaye Powers wrote:
What makes the function obsolete? The addition of the `random_bytes()`
Yes.
What makes the function obsolete? The addition of the `random_bytes()`
CSPRNG (which uses the kernel's CSPRNG) doesn't invalidate OpenSSL's
CSPRNG.
Accor

Hey Tom! Thanks for the feedback! :)
On Sun, Oct 21, 2018 at 8:09 PM Tom Worster wrote:
>
> At first glance I believed you were proposing that
> `openssl_random_pseudo_bytes()` should fail with an exception and that this
> would be an improvement. I would agree with that.
Yep! If the function

On 19 Oct 2018, at 16:46, Sammy Kaye Powers wrote:
I'd like to start a discussion on the "Improve
openssl_random_pseudo_bytes()" RFC:
https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes
TL;DR:
CSPRNG implementations should always fail closed so this change would
make `openssl_random_p