On 1/9/12 10:39 AM, "Thomas Hruska" <thru...@cubiclesoft.com> wrote:
>I'm glad someone is doing something about making more sources of >randomness in PHP. I am pleased to hear it. >Instead of a 'bool', use an 'int' for $is_strong_result but more >accurately call it $result_strength. Assign a minimum recommended >threshold in the documentation against which application developers can >act. That is, let the application developer decide what the minimum >strength is that they are willing to accept. Otherwise, from an >application developer's perspective, it will appear to be some arbitrary >internal decision and won't really be a significant improvement over >other PHP functions - it'll just be one more confusing option to pick >from. The RFC has its lengthy name because this effort aims to add an API to the system CSPRNG and nothing else. The various system CSPRNGs, to the best of my knowledge, are not able to provide a randomness metric. They indicate if they are adequately seeded or not. Hence $is_strong_result is a boolean. If we limit to the scope as currently defined then I do not see how to introduce a "degree of true randomness" result. >As an aside, I recently developed a sufficient-for-most-needs CSPRNG in >pure PHP: > >http://barebonescms.com/documentation/csprng/ > >-- >Thomas Hruska >CubicleSoft President > >Barebones CMS is a high-performance, open source content management >system for web developers operating in a team environment. > >An open source CubicleSoft initiative. >Your choice of a MIT or LGPL license. > >http://barebonescms.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
