hi, Some comments, same as I did before:
cs means crypto safe. In your implementation, it is by no mean crypto safe as it relies on urandom for the cases where /dev/random did not return enough data (some OS are non blocking here), while linux is. It should detect which entropy sources are available. Be /dev/random or other like entropy daemon or similar systems providing a device. Doing so will make this function works fine on almost all systems. Cheers, On Mon, Jan 9, 2012 at 2:00 PM, Tom Worster <f...@thefsb.org> wrote: > I added it at the top, I hope that's ok. > > the URL is https://github.com/tom--/php-cs_random_bytes > > Thanks for pointing that out > Tom > > On 1/9/12 7:54 AM, "Pierre Joye" <pierre....@gmail.com> wrote: > >>pls add it to the RFC, the right one as this one is a 404. >> >>On Mon, Jan 9, 2012 at 2:58 AM, Tom Worster <f...@thefsb.org> wrote: >>> I forgot the URL: https://github.com/tom--/php-cs_random_bytesemo >>> >>> :X >>> >>> tom >>> >>> On 1/8/12 8:56 PM, "Tom Worster" <f...@thefsb.org> wrote: >>> >>>>I have also set up a github repo with 4 files in it. It is a first hack >>>>of >>>>a function that does part of what I described in the RFC. It's based on >>>>the interface of openssl_random_pseudo_bytes() and the guts of >>>>mcrypt_create_iv(). It is provisionally named cs_random_bytes(). >>>> >>>>For now it builds and works at least this much: >>>> >>>>$ sapi/cli/php -r 'echo bin2hex(cs_random_bytes(8)) . PHP_EOL;' >>>>4cd0965922470560 >>>> >>>> >>>>The hard work will be implementing the $is_strong_result flag in a >>>>platform independent way. You need to read the status of the entropy >>>>pool. >>>>The current code does that for Linux (maybe?). On FreeBSD you use >>>>sysctl(3) to read kern.random.sys.seeded. On OS X you ask securityd. >>>>Windows is actually easier. >>>> >>>>And what about other OSs? What is PHP normally tested on and would that >>>>be >>>>a suitable guide for cs_random_bytes()? >>>> >>>>In any case, I am no C programmer. I'm just a web dev. I don't even know >>>>how to ask if sysctl(3) is present. >>>> >>>> >>>>Tom >>>> >>>> >>>>On 1/8/12 7:42 PM, "Tom Worster" <f...@thefsb.org> wrote: >>>> >>>>>I added the new RFC https://wiki.php.net/rfc/csrandombytes which is in >>>>>its >>>>>first draft. >>> >>> >>> >>> -- >>> PHP Internals - PHP Runtime Development Mailing List >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >> >> >> >>-- >>Pierre >> >>@pierrejoye | http://blog.thepimp.net | http://www.libgd.org > > -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
