On 10/18/15 7:39 PM, Ángel González wrote:
> Korvin wrote:
>> +1 for 7.0.x security patch release, best effort sounds scary.
> This is a salt. It doesn't need to be cryptographically secure. Using
> php_rand() there should pose no problem.
> I would actually include that into the patch (move old lines 154-156
> into the FAILURE if).

A password salt needs to be unique. It does not need to be drawn from a CSPRNG but that is one of the few ways we can be reasonably confident of uniqueness (since, as usual, we assume the platform RNG is properly seeded).

I can seed php_rand() from my script but, other than using the platform RNG, I have no idea how. Or I can let PHP seed it but its algorithm, a function of time and PID, shows PHP doesn't know how either.

As PHP's version numbers increase, so should its rigor in using best practices. I've no problem with apps breaking in the 5 -> 7 upgrade if they have no access to platform RNG. So doing Anthony's proposed change as early as possible in 7.0.x is best.

Tom
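The uniqueness argument above can be made concrete with a small simulation. The following is an added example, not code from PHP or from anyone in this thread: it models a salt generator whose non-cryptographic PRNG is seeded only from a timestamp and a PID (the seeding scheme the message describes, approximated here with Python's `random.Random`, not PHP's actual seeding code), generates one salt per simulated process, and counts how many salts collide compared with salts from the platform CSPRNG (`secrets.token_bytes`). The process count, PID range and time window are constructed parameters.

```python
import random
import secrets

SALT_LEN = 16  # bytes per salt (constructed value)


def weak_salt(seed_time: int, seed_pid: int, length: int = SALT_LEN) -> bytes:
    """Salt from a PRNG seeded with (time, pid) only.

    Model of a time/PID-seeded non-cryptographic generator; the seed space
    is tiny, so two processes that share (second, pid) get the same salt.
    """
    seed = seed_time * 65536 + seed_pid  # deterministic combination of the two inputs
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def strong_salt(length: int = SALT_LEN) -> bytes:
    """Salt drawn from the platform CSPRNG (os.urandom under the hood)."""
    return secrets.token_bytes(length)


def count_duplicates(salts) -> int:
    """Number of salts that repeat an earlier one."""
    return len(salts) - len(set(salts))


def expected_collisions(n: int, seed_space: int) -> float:
    """Birthday estimate of colliding pairs among n draws from seed_space seeds."""
    return n * (n - 1) / (2 * seed_space)


def simulate(n_processes: int = 2000, time_window: int = 1,
             pid_range: int = 32768, picker_seed: int = 0):
    """Generate one salt per simulated process and count collisions.

    Each process starts within `time_window` seconds and gets a PID below
    `pid_range` (constructed values). `picker_seed` only fixes which
    (time, pid) pairs occur so the run is reproducible.
    Returns (weak_duplicates, strong_duplicates).
    """
    picker = random.Random(picker_seed)
    weak = [
        weak_salt(picker.randrange(time_window), picker.randrange(pid_range))
        for _ in range(n_processes)
    ]
    strong = [strong_salt() for _ in range(n_processes)]
    return count_duplicates(weak), count_duplicates(strong)


if __name__ == "__main__":
    weak_dups, strong_dups = simulate()
    print("expected weak collisions ~", round(expected_collisions(2000, 32768), 1))
    print("observed weak duplicates:", weak_dups)
    print("observed CSPRNG duplicates:", strong_dups)
```

With 2000 processes starting in the same second and at most 32768 PIDs, the birthday bound predicts roughly 61 colliding salts from the time/PID-seeded generator, while the CSPRNG salts do not repeat; this is the difference between "not cryptographically secure but unique" and "drawn from a space too small to be unique".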


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
