[PHP-INTERNALS] [RFC] Platform and extension-independent API to the system CSPRNG

I added it there under the In Draft category, if you have a better name or
short description, just tell me, and I will update it there.

I have also set up a github repo with 4 files in it. It is a first hack of
a function that does part of what I described in the RFC. It's based on
the interface of openssl_random_pseudo_bytes() and the guts of
mcrypt_create_iv(). It is provisionally named cs_random_bytes().

For now it builds and works at least this much:

$ sapi/cli/php -r 'echo bin2hex(cs_random_bytes(8)) . PHP_EOL;'
4cd0965922470560


The hard work will be implementing the $is_strong_result flag in a
platform independent way. You need to read the status of the entropy pool.
The current code does that for Linux (maybe?). On FreeBSD you use
sysctl(3) to read kern.random.sys.seeded. On OS X you ask securityd.
Windows is actually easier.

And what about other OSs? What is PHP normally tested on and would that be
a suitable guide for cs_random_bytes()?

In any case, I am no C programmer. I'm just a web dev. I don't even know
how to ask if sysctl(3) is present.


Tom

I forgot the URL: https://github.com/tom--/php-cs_random_bytesemo

:X

tom

pls add it to the RFC, the right one as this one is a 404.

I added it at the top, I hope that's ok.

the URL is https://github.com/tom--/php-cs_random_bytes

Thanks for pointing that out
Tom

hi,

Some comments, same as I did before:

cs means crypto safe. In your implementation, it is by no mean crypto
safe as it relies on urandom for the cases where /dev/random did not
return enough data (some OS are non blocking here), while linux is.

It should detect which entropy sources are available. Be /dev/random
or other like entropy daemon or similar systems providing a device.
Doing so will make this function works fine on almost all systems.

Cheers,

Pierre,

1. The proposal in the RFC is explicit: "The function should neither block
nor return a failure status in the case that the systems entropy pool is
depleted. However, it should allow the caller to discover if this is the
case. etc..."

2. The current code implements that by setting the $is_strong_result flag
if it has to resort to urandom on Linux.

So, afaikt, what has been done _so_far_ is in alignment with your
preferences. Correct?

As I said in the email discussing implementation, setting
$is_strong_result requires different code for each OS and this has not
been implemented yet.

Tom

I'm glad someone is doing something about making more sources of
randomness in PHP.

Instead of a 'bool', use an 'int' for $is_strong_result but more
accurately call it $result_strength. Assign a minimum recommended
threshold in the documentation against which application developers can
act. That is, let the application developer decide what the minimum
strength is that they are willing to accept. Otherwise, from an
application developer's perspective, it will appear to be some arbitrary
internal decision and won't really be a significant improvement over
other PHP functions - it'll just be one more confusing option to pick from.


As an aside, I recently developed a sufficient-for-most-needs CSPRNG in
pure PHP:

http://barebonescms.com/documentation/csprng/

I am pleased to hear it.

The RFC has its lengthy name because this effort aims to add an API to the
system CSPRNG and nothing else.

The various system CSPRNGs, to the best of my knowledge, are not able to
provide a randomness metric. They indicate if they are adequately seeded
or not. Hence $is_strong_result is a boolean. If we limit to the scope as
currently defined then I do not see how to introduce a "degree of true
randomness" result.