Hi! > Some of us worried about CSPRNG state exposure. I'm wondering how many > of you will vote in favor if I change the RFC to use hash functions > optionally. This means code and INI settings related to hash function > selection will remain. Please note that ext/hash is not built always. > If you against keeping hash related code, please let me know also.
Re-reading RFC, I'd also propose this: - Make session.sid_bits_per_character take value from session.hash_bits_per_character if the latter is defined and the former is not - Remove use_strict_mode change, it is a different issue. With this, and possibility of keeping hash as non-default option, I'd be for this RFC. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
