Hi
On 7/25/22 13:14, Go Kudo wrote:
> However, I still think the overhead of the getrandom syscall in a Linux
> environment is significant and should be considered.
I disagree. On my Intel(R) Core(TM) i5-2430M with Ubuntu 20.04 with
Linux 5.4.0-123-generic I can call random_bytes(16) (128 Bits of
randomness which is sufficient for ~everything) 100000 times in ~140ms:
<?php
// 100k calls of random_bytes(16); each call goes to the kernel's getrandom()
for ($i = 0; $i < 100000; $i++) {
    $foo = random_bytes(16);
}
The same script modified to just set `$foo = is_int(1)` runs in 20ms:
<?php
// baseline: same loop with a cheap builtin and no syscall
for ($i = 0; $i < 100000; $i++) {
    $foo = is_int(1);
}
Thus the time of syscalling getrandom() on my machine (which definitely
is not modern hardware) 100k times is 120ms or 1.2us per call.
> I would suggest deprecating mt_srand()/srand() and using php_random_bytes()
> in sessions etc. for PHP 8.3 for better security.
Syscalling getrandom() a few times to seed a PRNG or to generate a
session ID is not going to have a measurable effect. As I said in my
previous email:
"The cost of a few getrandom() syscalls is not really measurable
compared to the time spent waiting for the database, file IO or template
rendering."
> I think this is a safe implementation due to the nature of CSPRNG, what do
> you think?
I'm pretty sure the implementation is unsafe when the process calls
fork() which might happen with
https://www.php.net/manual/en/function.pcntl-fork.php.
The *only thing* I trust with actually generating proper
cryptographically secure randomness is the kernel. Non-kernel
implementations have proven to be insecure over and over again.
Best regards
Tim Düsterhus
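The measurement in the mail above, as an added example that is not part of the original message: it times the two loops with hrtime() and subtracts the no-syscall baseline so that the loop and closure-call overhead cancel out, leaving the net cost of one random_bytes(16) call. It assumes PHP 7.4 or later on the CLI; the iteration count and the is_int(1) baseline are taken from the mail.

```php
<?php
// Added example (not from the original mail): reproduce the random_bytes()
// vs. baseline measurement and report the net per-call cost.
declare(strict_types=1);

const ITERATIONS = 100_000;

/** Run $fn ITERATIONS times and return the elapsed wall time in nanoseconds. */
function time_loop(callable $fn): int
{
    $start = hrtime(true);
    for ($i = 0; $i < ITERATIONS; $i++) {
        $fn();
    }
    return hrtime(true) - $start;
}

// Both loops pay the same loop and closure-call overhead, so the
// difference is attributable to random_bytes() and its getrandom() syscall.
$randomNs   = time_loop(static fn () => random_bytes(16));
$baselineNs = time_loop(static fn () => is_int(1));

$perCallNs = ($randomNs - $baselineNs) / ITERATIONS;

printf("random_bytes(16) x %d: %.1f ms\n", ITERATIONS, $randomNs / 1e6);
printf("is_int(1)        x %d: %.1f ms\n", ITERATIONS, $baselineNs / 1e6);
printf("net cost per random_bytes(16) call: ~%.2f us\n", $perCallNs / 1e3);
```

Run it a few times and take the smallest value; the first loop also pays for warming up the page cache and CPU frequency scaling, so a single run overstates the syscall cost.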
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
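The fork() problem raised in the mail above, as an added example that is not part of the original message: a generator whose state lives in the PHP process is copied wholesale by pcntl_fork(), so parent and child continue from the same state and emit identical "random" bytes, whereas random_bytes() asks the kernel each time and the two processes diverge. The script uses mt_rand() seeded once at startup as a stand-in for any userspace generator (that is the assumption; the mail does not name one), and requires the pcntl extension, i.e. a PHP CLI on Linux or another Unix.

```php
<?php
// Added example (not from the original mail): show that process-local PRNG
// state is duplicated by fork() while kernel randomness is not.
// Requires the pcntl extension (CLI only).
declare(strict_types=1);

// Stand-in for a userspace generator seeded once per process. If the seed
// happened lazily after the fork the two sides would differ; seeding at
// startup is the realistic case and the one that breaks.
mt_srand(random_int(0, PHP_INT_MAX));

/** 16 bytes from the process-local generator (state lives in this process). */
function userspace_bytes(): string
{
    $out = '';
    for ($i = 0; $i < 16; $i++) {
        $out .= chr(mt_rand(0, 255));
    }
    return $out;
}

/** 16 bytes from the kernel (getrandom(2) on Linux); no state in the process. */
function kernel_bytes(): string
{
    return random_bytes(16);
}

// Unix socket pair so the child can report its values back to the parent.
[$parentSock, $childSock] = stream_socket_pair(STREAM_PF_UNIX, STREAM_SOCK_STREAM, STREAM_IPPROTO_IP);

$pid = pcntl_fork();
if ($pid === -1) {
    fwrite(STDERR, "fork failed\n");
    exit(1);
}

if ($pid === 0) {
    // Child: gets a copy of the parent's memory, including the mt_rand state.
    fclose($parentSock);
    fwrite($childSock, bin2hex(userspace_bytes()) . "\n" . bin2hex(kernel_bytes()) . "\n");
    fclose($childSock);
    exit(0);
}

// Parent: draw the same two values and compare with what the child produced.
fclose($childSock);
$parentUser   = bin2hex(userspace_bytes());
$parentKernel = bin2hex(kernel_bytes());
$childUser    = trim((string) fgets($parentSock));
$childKernel  = trim((string) fgets($parentSock));
fclose($parentSock);
pcntl_waitpid($pid, $status);

printf("userspace PRNG  parent=%s child=%s  %s\n", $parentUser, $childUser,
    $parentUser === $childUser ? 'IDENTICAL (unsafe after fork)' : 'differ');
printf("kernel random   parent=%s child=%s  %s\n", $parentKernel, $childKernel,
    $parentKernel === $childKernel ? 'IDENTICAL' : 'differ (kernel state is not duplicated)');
```

The first line always reports IDENTICAL because both processes advance the same Mersenne Twister state; the second always reports differ. A userspace CSPRNG can only avoid this by detecting the fork (pid check or pthread_atfork-style hooks) and reseeding from the kernel, which is exactly the extra machinery that calling getrandom() directly makes unnecessary.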