On Aug 24, 2015 9:38 AM, Scott Arciszewski sc...@paragonie.com wrote:
There is no /dev/urandom on the Windows operating system, so that
system is not universal.
For tge record, all version of crypto safe RNG (at least mcrypt and
openssl) use the windows crypto API since some time already.
I
Larry Garfield wrote on 23.08.2015 18:19:
On 08/22/2015 07:33 PM, Thomas Bley wrote:
Anthony Ferrara wrote on 22.08.2015 21:58:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
On 08/22/2015 07:33 PM, Thomas Bley wrote:
Anthony Ferrara wrote on 22.08.2015 21:58:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
https://wiki.php.net/rfc/random-function-exceptions
Considering this topic
On 23 Aug 2015, at 18:37, Thomas Bley ma...@thomasbley.de wrote:
consider this code:
declare(strict_types=0);
ini_set('display_errors', '1');
function get_random_int(): int {
return false;
}
echo get_random_int();
and then use strict_types=1
So you're implying that in case of
I guess people continue to use rand() or mt_rand() if they skip the
documentation.
Even frameworks which are advertised with 100% php7 compatibility use
mt_rand().
There's nothing wrong with mt_rand() in non-security contexts, it's still
there in PHP 7. If anyone is using mt_rand() in
Scott Arciszewski wrote on 23.08.2015 02:50:
On Sat, Aug 22, 2015 at 8:33 PM, Thomas Bley ma...@thomasbley.de wrote:
Anthony Ferrara wrote on 22.08.2015 21:58:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
Niklas Keller wrote on 23.08.2015 16:30:
why not have false + e_warning for strict_types=0 and fatal error for
strict_types=1 ?
Doing function random_int(): int { ...
How's this connected to `strict_types`? It's not.
If people use this function without reading documentation,
why not have false + e_warning for strict_types=0 and fatal error for
strict_types=1 ?
Doing function random_int(): int { ...
How's this connected to `strict_types`? It's not.
If people use this function without reading documentation, they will also
use other things without documentation
On Sun, Aug 23, 2015 at 10:30 PM, Thomas Bley ma...@thomasbley.de wrote:
Nikita Nefedov wrote on 23.08.2015 18:27:
On 23 Aug 2015, at 18:37, Thomas Bley ma...@thomasbley.de wrote:
consider this code:
declare(strict_types=0);
ini_set('display_errors', '1');
function
Nikita Nefedov wrote on 23.08.2015 18:27:
On 23 Aug 2015, at 18:37, Thomas Bley ma...@thomasbley.de wrote:
consider this code:
declare(strict_types=0);
ini_set('display_errors', '1');
function get_random_int(): int {
return false;
}
echo get_random_int();
and then use
On Sat, Aug 22, 2015 at 8:33 PM, Thomas Bley ma...@thomasbley.de wrote:
Anthony Ferrara wrote on 22.08.2015 21:58:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
https://wiki.php.net/rfc/random-function-exceptions
Considering this topic has already been discussed, I intend to open
voting on this as soon as allowable. Given the
On Sat, Aug 22, 2015 at 3:58 PM, Anthony Ferrara ircmax...@gmail.com wrote:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
https://wiki.php.net/rfc/random-function-exceptions
Considering this topic has
Anthony Ferrara wrote on 22.08.2015 21:58:
All,
I am putting a simple RFC up for discussion to make random_* throw
exceptions on failure in order to ensure we fail-closed.
https://wiki.php.net/rfc/random-function-exceptions
Considering this topic has already been discussed, I intend to
14 matches
Mail list logo