rfc:csrandombytes
Differences
rfc:csrandombytes [2012/01/08 16:05] – [Requirement] fsb | rfc:csrandombytes [2021/03/27 14:30] (current) – Move to inactive ilutov
Line 3: | Line 3: | ||
* Date: 2012 Jan 8 | * Date: 2012 Jan 8 | ||
* Author: Tom Worster < | * Author: Tom Worster < | ||
- | * Status: | + | * Status: |
+ | * Sandbox: https:// | ||
Platform and extension-independent API to the system CSPRNG | Platform and extension-independent API to the system CSPRNG | ||
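Review bot: the Status value is blank on both sides of this hunk and the new Sandbox entry shows nothing after "https://", so neither the status change nor the sandbox link can be checked from the hunk as shown; given the revision summary "Move to inactive", the Status line should carry that new state explicitly and the Sandbox line should carry the complete URL.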
Line 25: | Line 26: | ||
A PHP programmer writing platform independent software that cannot make assumptions regarding the deployment environment (e.g. a contractor) will have to proceed roughly as follows: | A PHP programmer writing platform independent software that cannot make assumptions regarding the deployment environment (e.g. a contractor) will have to proceed roughly as follows: | ||
- | 1. Try openssl_random_pseudo_bytes(). It is part of the openssl extension so it cannot be assumed to be available. | + | 1. Try [[http:// |
- | 2. Try mcrypt_create_iv(). It is part of the mcrypt extension so it cannot be assumed to be available. | + | 2. Try [[http:// |
Those are the two best options because they are platform independent and properly abstracted in the PHP API. However, if both are unavailable the programmer may precede with other options: | Those are the two best options because they are platform independent and properly abstracted in the PHP API. However, if both are unavailable the programmer may precede with other options: | ||
- | 3. Try to read from / | + | 3. Try to fread() |
- | 4. Another platform independent option is session abuse: Try reading session_id() and setting ini_set(‘session.entropy_length’, | + | 4. Another platform independent option is session abuse: Try reading |
- | 5. Finally if the script is running on Windows it may attempt to use a direct Windows API call such as COM(' | + | 5. Finally if the script is running on Windows it may attempt to use a direct Windows API call such as [[http:// |
- | or DOTNET(' | + | or [[http:// |
- | ' | + | ' |
If all the above fail then the script will not be able to read a string from the system’s CSPRNG. As a consequence it may fail to operate properly, either by performing its task insecurely or by refusing to preform the task. Whenever this happens, neither the script nor the operating system is to blame—at fault is either the PHP API or the system configuration, | If all the above fail then the script will not be able to read a string from the system’s CSPRNG. As a consequence it may fail to operate properly, either by performing its task insecurely or by refusing to preform the task. Whenever this happens, neither the script nor the operating system is to blame—at fault is either the PHP API or the system configuration, | ||
- | [An example of a PHP package that works roughly along the lines set out above is https:// | + | [An example of a PHP package that works roughly along these lines is [[https:// |
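Review bot: two typos in the unchanged context survive this revision and could be fixed in the same edit: "may precede with other options" should read "may proceed with other options", and "refusing to preform the task" should read "refusing to perform the task". On the reworded step 3, the fread() call needs its result checked before the bytes are used: fopen() can fail and fread() can return false or fewer bytes than requested, and either outcome should count as that option failing rather than as random data, so the text should say that the caller compares the returned length against the requested length.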
Line 48: | Line 49: | ||
There are two reasons why this situation is unsatisfactory. First, PHP programmers should be able to write scripts that use CS random data without risking failure in the field due to unfortunate configuration of the production environment. The programmer, after all, may have no influence over the production environment and might not be in a position to dictate requirements. Nevertheless, | There are two reasons why this situation is unsatisfactory. First, PHP programmers should be able to write scripts that use CS random data without risking failure in the field due to unfortunate configuration of the production environment. The programmer, after all, may have no influence over the production environment and might not be in a position to dictate requirements. Nevertheless, | ||
- | Second, even if the probability | + | Second, even if the probability |
==== Does anything need to be done? ==== | ==== Does anything need to be done? ==== | ||
Line 64: | Line 65: | ||
This function shuld have a parameter specifying the number of random bytes the caller requests. The return value is a string of the requested byte length, the value being provided by the system CSPRNG. | This function shuld have a parameter specifying the number of random bytes the caller requests. The return value is a string of the requested byte length, the value being provided by the system CSPRNG. | ||
- | The function should neither block nor return a failure status in the case that the systems entropy pool is depleted. However, it should allow the caller to discover if this is the case. Thus it should behave as openssl_random_pseudo_bytes() does, continuing to return bytes from the system CSPRNG even when its entropy sources are low and offering a flag it sets if the caller reads beyond what the CSPRNG considers secure. In other words, it should neither behave like /dev/random on Linux, which blocks when entropy is low, nor like mcrypt_create_iv(), | + | The function should neither block nor return a failure status in the case that the systems entropy pool is depleted. However, it should allow the caller to discover if this is the case. Thus it should behave as openssl_random_pseudo_bytes() does, continuing to return bytes from the system CSPRNG even when its entropy sources are low and offering a flag that is set if the caller reads beyond what the CSPRNG considers secure. In other words, it should neither behave like /dev/random on Linux, which blocks when entropy is low, nor like mcrypt_create_iv(), |
- | owledge. | + | |
- | |||
- | ==== Rejected Features ==== | ||
- | |||
- | Automated voting system. | ||
===== Changelog ===== | ===== Changelog ===== |
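Review bot: the unchanged line above this hunk still reads "This function shuld have a parameter", and "the systems entropy pool" in the changed line wants an apostrophe ("the system's entropy pool") on both sides. The removed fragment "owledge." is the tail of a word split off from the end of the preceding line, so the rewritten preceding line must still close that sentence or the section ends mid-word. On the substance, "a flag that is set if the caller reads beyond what the CSPRNG considers secure" is a clearer wording, but the text should also state that the flag is advisory: a caller that needs cryptographic strength must inspect it and treat a set flag as a failure, otherwise the non-blocking design hands out weak bytes to any caller that never looks at the flag.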
rfc/csrandombytes.1326038758.txt.gz · Last modified: 2017/09/22 13:28 (external edit)