Edit report at https://bugs.php.net/bug.php?id=61394&edit=1

 ID:                 61394
 Comment by:         tstarl...@php.net
 Reported by:        tstarl...@php.net
 Summary:            Provide secure drop-in replacement for mt_rand()
 Status:             Open
 Type:               Feature/Change Request
 Package:            Unknown/Other Function
 PHP Version:        5.4SVN-2012-03-15 (SVN)
 Block user comment: N
 Private report:     N

 New Comment:

Sorry, by platform I meant server. It is available for every platform but it is 
not installed by default.

mcrypt_generate_iv() does not rely on libmcrypt, the implementation just 
happens to be inside the mcrypt extension. In r300273 and r300289 you factored 
out the Windows part of mcrypt_generate_iv() into php_win32_get_random_bytes(), 
so that it would be available for other extensions. I'm saying it would be nice 
if you could factor out the rest of it too, and then provide an easy-to-use 
interface to the urandom/CryptGenRandom source in ext/standard.


Previous Comments:
------------------------------------------------------------------------
[2012-03-15 07:16:23] paj...@php.net

Hi Tim,


The needs are definitely here.

Some comments/questions for the record here:

Which platforms do not have openssl_random_pseudo_bytes?

mcrypt_generate_iv relies on an external library as it is enabled only if mcrypt is 
available, sadly. However one could emulate it or enforce good configuration by 
checking and using the session.entropy_file which should be set to urandom or 
equivalent.

Also it is important to say that URANDOM is not crypto safe. So depending on the 
usages, it is not thought to be used for security sensitive purposes. However it 
could be enough for one time password and related usages.

------------------------------------------------------------------------
[2012-03-15 02:00:05] tstarl...@php.net

Description:
------------
mt_rand() is insecure, but people keep using it for security-sensitive purposes 
anyway, because:

* The interface is more familiar than functions that return binary strings, 
like openssl_random_pseudo_bytes() and mcrypt_create_iv(). Legacy code uses 
rand() or mt_rand(). 
* openssl_random_pseudo_bytes() and mcrypt_generate_iv() are not available on 
every platform, so mt_rand() is a simple alternative for a developer of 
distributed software.

I propose adding a function to ext/standard which has the same parameters and 
return value type as mt_rand(), but uses a secure random source. In particular, 
I think the random number generation method used by mcrypt_generate_iv(..., 
MCRYPT_DEV_URANDOM) is most appropriate. It is fast and works on virtually 
every platform supported by PHP without external library dependencies.

Like mcrypt_generate_iv(), the new function could raise a warning and return 
false if /dev/urandom cannot be opened. The application can then decide based 
on its security policies whether it wishes to fall back to mt_rand() or abort 
the transaction.

The function could be called os_rand(), like Python's os.urandom(), or 
secure_rand() or rand_s(), like in the Windows CRT security extension.



------------------------------------------------------------------------
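One way the proposed function could look in userland, as an added example that is not part of the report or of PHP itself: it keeps mt_rand()'s ($min, $max) signature and return type, reads /dev/urandom directly (standing in for the internal urandom source the comments discuss), warns and returns false when the source is unavailable, and uses rejection sampling so the result is unbiased. The name secure_rand() is one of the names the report suggests.

```php
<?php
// Added example (not PHP project code): mt_rand()-compatible function
// backed by /dev/urandom, as sketched in the feature request.

function secure_rand($min = 0, $max = 2147483647)
{
    $range = $max - $min; // inclusive span of the requested interval
    if ($range < 0 || $range > 0x7FFFFFFF) {
        // Same limit as mt_getrandmax(); keeps draws within 31 bits on 32-bit PHP.
        trigger_error('secure_rand(): invalid range', E_USER_WARNING);
        return false;
    }
    if ($range == 0) {
        return $min;
    }
    // Mirror mcrypt_create_iv(..., MCRYPT_DEV_URANDOM): warn and return
    // false when the source is unavailable, and let the caller decide
    // whether to abort or fall back.
    $fh = @fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        trigger_error('secure_rand(): cannot open /dev/urandom', E_USER_WARNING);
        return false;
    }
    // Smallest all-ones bit mask covering $range. Masking a 32-bit draw and
    // rejecting values above $range gives a uniform result without the
    // modulo bias that "$min + $draw % ($range + 1)" would introduce.
    $mask = 1;
    while ($mask < $range) {
        $mask = ($mask << 1) | 1;
    }
    do {
        $buf = fread($fh, 4);
        if ($buf === false || strlen($buf) !== 4) {
            fclose($fh);
            trigger_error('secure_rand(): short read from /dev/urandom', E_USER_WARNING);
            return false;
        }
        $word = unpack('N', $buf);      // big-endian unsigned 32-bit word
        $draw = $word[1] & $mask;
    } while ($draw > $range);
    fclose($fh);
    return $min + $draw;
}

// Constructed usage: a 6-digit one-time code with an explicit abort path.
$code = secure_rand(0, 999999);
if ($code === false) {
    die('no secure random source available');
}
printf("%06d\n", $code);
```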