"Dantman" posted a comment on MediaWiki.r111964. URL: http://www.mediawiki.org/wiki/Special:Code/MediaWiki/111964#c32019
Commit summary for MediaWiki.r111964: Commit a new cryptographic random generator class for use in MediaWiki. Waiting for it to be reviewed before actually making use of it inside code and adding a RELEASE-NOTES entry. Dantman's comment: Any real reason to use a singleton? I originally considered using instances. But after thinking about the way the code reads from urandom and tries to avoid wasting randomness I decided it would be better to just keep it static. Anyone who tries to get ''more'' security by initializing a new instance other than the singleton risks depleting entropy or resetting the random state to the start reducing the unpredictability. I incorporated your comments on streem_set_read_buffer and the chunk_size into my code ideas page along with some other notes. The future iteration should include those improvements along with some others. _______________________________________________ MediaWiki-CodeReview mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-codereview
