Question: Is there a nonzero chance of a PHP application running at boot time on an older GNU/Linux machine? If so, should we adopt this "unseeded CSPRNG" mitigation employed by libsodium for ancient Linux kernels?

https://github.com/jedisct1/libsodium/issues/374
https://github.com/jedisct1/libsodium/commit/c752eb55d9e9992bc38e7790128953427aa0a89f

This could be done as a security patch for PHP 7.0.x if there's any concern about startup entropy, e.g. on embedded devices. I'm not aware of any such projects being written in PHP, so my intuition is this is a non-issue for us.

Regards,
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>