====== PHP RFC: Unify crypt source INI settings ====== * Version: 0.1 * Date: 2014-02-24 * Author: Yasuo Ohgaki * Status: Under Discussion * First Published at: http://wiki.php.net/rfc/unified-crypt-source ===== Introduction ===== Crypt source such as /dev/urandom is mandatory for secure programs. None the less, PHP does not have way to specify crypt source as a core. This RFC proposes 2 new INIs for it. ===== Proposal ===== Introduce 2 new INIs for all platforms. Pseudo RNG - non-blocking. INI_PERDIR random.entropy_strong_source= (/dev/(u|a)random etc. Default: depends on platform) RNG - may block. INI_PERDIR random.entropy_crypto_source= (/dev/random etc. Default: depends on platform) Appropriate default for the platform is detected during build time. session.entropy_file uses /dev/*random. It share the random.entropy_strong_source if it is empty. (Like default_charset with Default Char Encoding RFC) ===== Backward Incompatible Changes ===== None. ===== Proposed PHP Version(s) ===== PHP 5.6 ===== Impact to Existing Extensions ===== session/mcrypt, any extension uses /dev/*random. These module's code is changed to use new INI settings where it is possible. ===== New Constants ===== None ===== php.ini Defaults ===== * hardcoded default values None, but appropriate values will bet set for the platform. * php.ini-development values * php.ini-production values ;random.entropy_strong_source="/dev/urandom" (INI_PERDIR) ;random.entropy_crypto_source="/dev/random" (INI_PERDIR) Note: INI lines are commented out. Under Windows, different values may be set. ===== Open Issues ===== None ===== Unaffected PHP Functionality ===== Although this RFC affects some modules, it does not affects existing feature. All function should remains as it is now. ===== Future Scope ===== These 2 INIs may be used crypto related new and existing modules. ===== Proposed Voting Choices ===== Yes/No ===== Patches and Tests ===== TBD ===== Implementation ===== After the project is implemented, this section should contain - the version(s) it was merged to - a link to the git commit(s) - a link to the PHP manual entry for the feature ===== References ===== Links to external references, discussions or RFCs ===== Rejected Features ===== Keep this updated with features that were discussed on the mail lists.