Re: [PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Daniel Lowrey
On Sun, Feb 8, 2015 at 2:18 PM, Tom Worster wrote:
>
> On 2/8/15, 12:52 PM, "Daniel Lowrey" wrote:
>
> >On Sun, Feb 8, 2015 at 12:11 PM, Tom Worster wrote:
> >>
> >> Thanks Damien and Daniel for the info.
> >>
> >> I am not concerned about running out of entropy. I am concerned about
> >> usersp

Re: [PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Tom Worster
On 2/8/15, 12:52 PM, "Daniel Lowrey" wrote:
>On Sun, Feb 8, 2015 at 12:11 PM, Tom Worster wrote:
>>
>> Thanks Damien and Daniel for the info.
>>
>> I am not concerned about running out of entropy. I am concerned about
>> userspace RNGs such as OpenSSL
>> http://sockpuppet.org/blog/2014/02/25/saf

Re: [PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Daniel Lowrey
On Sun, Feb 8, 2015 at 12:11 PM, Tom Worster wrote:
>
> Thanks Damien and Daniel for the info.
>
> I am not concerned about running out of entropy. I am concerned about
> userspace RNGs such as OpenSSL
> http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

Just to be clear (as Da

Re: [PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Tom Worster
Thanks Damien and Daniel for the info.

I am not concerned about running out of entropy. I am concerned about userspace RNGs such as OpenSSL http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/

On 2/8/15, 12:04 PM, "Damien Tournoud" wrote:
>On Sun, Feb 8, 2015 at 5:15 PM, Dani

Re: [PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Damien Tournoud
On Sun, Feb 8, 2015 at 5:15 PM, Daniel Lowrey wrote:
> Currently PHP's openssl_random_pseudo_bytes() uses the latter function and
> allows users to pass a by-reference $crypto_strong out parameter to
> determine if the result is cryptographically strong. This is fine if you
> know all of the abov

[PHP-DEV] Re: Security changes in PHP 7

2015-02-08 Thread Daniel Lowrey
On Sun, Feb 8, 2015 at 4:24 AM, Tom Worster wrote:
> 3. Will the OpenSSL ext remain as it currently stands?

There has been talk of replacing it with a more generic implementation that can swap out the underlying components so we aren't dependent upon a single library. The crypto extension in pe