Edit report at https://bugs.php.net/bug.php?id=61394&edit=1
ID: 61394
Updated by: paj...@php.net
Reported by: tstarl...@php.net
Summary: Provide secure drop-in replacement for mt_rand()
Status: Open
Type: Feature/Change Request
Package: Unknown/Other Function
PHP Version: 5.4SVN-2012-03-15 (SVN)
Block user comment: N
Private report: N

New Comment:

Hi Tim,

The needs are definitively here. Some comments/questions for the record here:

Which platforms do not have openssl_random_pseudo_bytes?

mcrypt_generate_iv relies on an external library, as it is enabled only if mcrypt is available, sadly. However, one could emulate it or enforce good configuration by checking and using the session.entropy_file, which should be set to urandom or equivalent.

Also, it is important to say that URANDOM is not crypto safe. So depending on the usages, it is not thought to be used for security-sensitive purposes. However, it could be enough for one-time passwords and related usages.

Previous Comments:
------------------------------------------------------------------------
[2012-03-15 02:00:05] tstarl...@php.net

Description:
------------
mt_rand() is insecure, but people keep using it for security-sensitive purposes anyway, because:

* The interface is more familiar than functions that return binary strings, like openssl_random_pseudo_bytes() and mcrypt_create_iv(). Legacy code uses rand() or mt_rand().

* openssl_random_pseudo_bytes() and mcrypt_generate_iv() are not available on every platform, so mt_rand() is a simple alternative for a developer of distributed software.

I propose adding a function to ext/standard which has the same parameters and return value type as mt_rand(), but uses a secure random source. In particular, I think the random number generation method used by mcrypt_generate_iv(..., MCRYPT_DEV_URANDOM) is most appropriate. It is fast and works on virtually every platform supported by PHP without external library dependencies.
Like mcrypt_generate_iv(), the new function could raise a warning and return false if /dev/urandom cannot be opened. The application can then decide, based on its security policies, whether it wishes to fall back to mt_rand() or abort the transaction.

The function could be called os_rand(), like Python's os.urandom(), or secure_rand() or rand_s(), like in the Windows CRT security extension.
------------------------------------------------------------------------
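The following is an added userland sketch of the function the report proposes; it is not code from the bug report, from the reporter, or from PHP itself. The name secure_rand() is one of the names suggested above and is used here as an assumption. It keeps the mt_rand($min, $max) signature and integer return type, draws bytes directly from /dev/urandom (the same source the report points to via MCRYPT_DEV_URANDOM), and, as the report suggests, raises a warning and returns false when that device cannot be opened so the caller can apply its own policy. It also shows the one detail a drop-in replacement must get right that the report does not spell out: mapping random bytes onto [$min, $max] with rejection sampling rather than modulo, because a plain modulo reduction biases the low end of the interval. (PHP 7.0 and later ship random_int(), which does this natively; this sketch targets the PHP 5.x era of the report.)

```php
<?php
// Added example, not part of the bug report or of PHP's own source.
// Hypothetical secure_rand($min, $max): same signature and return type as
// mt_rand(), but sourced from /dev/urandom. Returns false with a warning
// if /dev/urandom cannot be opened, leaving the fallback decision to the
// caller, as the report proposes.

function secure_rand($min = 0, $max = 2147483647)
{
    if ($min > $max) {
        trigger_error('secure_rand(): max must be >= min', E_USER_WARNING);
        return false;
    }

    $range = $max - $min;   // largest offset we may add to $min
    if ($range === 0) {
        return $min;
    }

    // Smallest number of bits that can represent $range, plus a mask for
    // those bits; the mask is built bit by bit to avoid shift overflow on
    // 32-bit builds.
    $bits = 0;
    $mask = 0;
    for ($tmp = $range; $tmp > 0; $tmp >>= 1) {
        $bits++;
        $mask = ($mask << 1) | 1;
    }
    $bytes = (int) ceil($bits / 8);

    $fp = @fopen('/dev/urandom', 'rb');
    if ($fp === false) {
        trigger_error('secure_rand(): cannot open /dev/urandom', E_USER_WARNING);
        return false;
    }

    // Rejection sampling: a masked candidate above $range is discarded and
    // redrawn. Reducing with "% ($range + 1)" instead would make small
    // values slightly more likely, which is a bias an attacker can measure.
    do {
        $raw = fread($fp, $bytes);
        if ($raw === false || strlen($raw) !== $bytes) {
            fclose($fp);
            trigger_error('secure_rand(): short read from /dev/urandom', E_USER_WARNING);
            return false;
        }
        $candidate = 0;
        for ($i = 0; $i < $bytes; $i++) {
            $candidate = ($candidate << 8) | ord($raw[$i]);
        }
        $candidate &= $mask;
    } while ($candidate > $range);

    fclose($fp);
    return $min + $candidate;
}

// Usage: the caller, not the library, decides what happens when no secure
// source is available. Here the policy is to abort rather than degrade.
$code = secure_rand(100000, 999999);
if ($code === false) {
    die("No secure random source available; refusing to issue a one-time code\n");
}
echo $code, "\n";
```

The expected number of redraws is below two, because the mask restricts candidates to the smallest power of two at or above $range + 1. A production version would keep the /dev/urandom handle open across calls instead of reopening it for each number; it is opened per call here only to keep the failure path explicit.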