On Sun, 29 Apr 2001, James Moore wrote:
>
> > > > In order to avoid this you actually have to call it at completely
> > > different
> > > > times, something you can't really guarantee. We should
> > probably not use
> > > > the timestamp as the seed (at least not alone), but also take
> > the pid into
> > > > account.
> > > >
> > > > Zeev
> > > >
> > >
> > >That only really works for forking webservers, does it not? Another
> > >alternative
> > >would be to use microseconds...
> >
> > Yeah we could use microseconds but are they available on all platforms?
> > In any case, on non-forking servers we can use thread id.
>
> We have accuracy to milliseconds only on Win32.
It is enough... We can use gettimeofday or getitimer on linux, gethrtime
on Solaris, ftime on windows, etc. There are other ways to insert some
more pseudo randomness as well. Hashes of data that changes quickly is
enough (environment, all PIDs, ideas?). BTW we do not need so much
randomness for the crypt function. It can not be used for cryptography -
the salt is just to prevent pregenerated dictionaries. Perhaps we can add
another function for the PHP programmer to insert additional entropy while
working? The modern linuxes gather some random data from the times between
the keystrokes and the time between the network packets arrive - we can
use it but it is only available on some linuxes. Or we can add some
extension to gather better random data from the times between the page
requests?
>
> - James
>
> --
> PHP Development Mailing List <http://www.php.net/>
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
