On Wed, Dec 16, 2020 at 8:46 AM zeriyoshi <zeriyo...@gmail.com> wrote:
Hello. I have created an account on the PHP.net wiki to create an RFC about this. Can you grant me editing privileges? As for suggestion two, I sent a PR to php-src on GitHub. https://github.com/php/php-src/pull/6520 Fortunately, Nikita seems to be checking it out. Thank you very much. P.S: I had mentioned earlier that php_combined_lcg() was used in the session, but I checked and it seems not to be the case now. I will correct it. Sorry about that. Regards, Go Kudo 2020年12月16日(水) 23:46 zeriyoshi <zeriyo...@gmail.com>: > Nice to meet you, internals. > > PHP 8.0 has been released. With the inclusion of JIT, PHP is about to be > extended beyond the web. > > So I'd like to make a few suggestions. > > First , PHP has the historical Mersenne Twister PRNG. However, this > implementation keeps its state in a global and cannot be handled as an > object like other languages (e.g. Java). > > So, I created a PHP Extension and proposed it to PECL. > > https://marc.info/?l=pecl-dev&m=160795415604102&w=2 > https://github.com/zeriyoshi/php-ext-orng > > But, Then I looked at the mailing list archives and noticed that a similar > proposal had been made before. > > https://externals.io/message/98021#98130 > > I feel that this suggestion is needed now to expand PHP beyond the web. > > Second suggestion is to stop using the Combined LCG as the default seed > value for each function. > > PHP's Combined LCG only uses PID (or ZTS Thread ID) and time as entropy. > https://github.com/php/php-src/blob/master/ext/standard/lcg.c#L72 > > With the development of container technology, this problem seems to be > getting more serious. So I think we should use the random numbers provided > by the OS (getrandom on Linux) if available. > > I would like to hear your opinions. > > Regards > Go Kudo <zeriyo...@gmail.com> >
