On 3 Sep 2008, at 03:33, David Coallier wrote:
2008/9/2 Scott MacVicar <[EMAIL PROTECTED]>:
Hi All,
Attached and uploaded [1] is a patch to add the OpenSSL random
pseudo byte
function, at the moment it will return FALSE if the bytes aren't
considered
cryptographically strong, I am however considering making this
parameter
controlled.
Any objections to me applying this to 5.3?
I'd say that 5.3 should be a rather "stable" version and that if we
add features we should make sure they are rock solid now.
This function has been in OpenSSL for 8 years and supported by every
version since 0.9.5. It's literally just exposing the API, it's safe
for inclusion in 5.3 in my opinion.
Perhaps
adding the control (Parameter to control the security/cryptography
level) now would save time and would make it a thing less to look back
in the future.
It's not a cryptography level / control. The problem is that the PRNG
can run out of data if there isn't enough entropy available, you can
still take the result but it's not strong.
I should say this function isn't for key generation but for use in
places that you need random data.
Scott
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
