On Wed, Jan 18, 2017 at 10:22 AM, Nikita Popov <nikita....@gmail.com> wrote:
The patch initializes the full MT state vector, approximately 2.5KB of memory, from a CSPRNG. To put this into perspective, 16 bytes are generally considered to be sufficient for cryptographic keying material. Does this seem somewhat disproportionate?
It's a lot, but it's also a simple and clean solution. Randomizing only 16 bytes doesn't really work, because the randomness is twisted so slowly in MT19937. Any randomness needs to be stretched over the whole state immediately.
If it's not acceptable to randomize the whole state, I'd recommend using php_random_int_silent() to generate a single seed. This would be easy to implement by simply changing GENERATE_SEED() into a function which first tries php_random_int_silent() but has the current method as a fallback. This would fix other use cases of GENERATE_SEED() as well.
On 2017-01-18 08:04, Yasuo Ohgaki wrote:
Lauri, you wrote the patch. Could you make a Pull Request to github's php-src repo? If you prefer not to, I'll make the PR. I think your patch should be applied from the PHP-7.0 branch.
I've revised my patch (added GENERATE_SEED() fallback), see [1]. I can send that against master if the approach is accepted here. If you want it in PHP-7.0 or PHP-7.1, please merge it yourself, thank you.
[1] https://github.com/Metabolix/php-src/tree/mt_srand_auto-pr

--
Lauri Kenttä

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php