PHP RFC: Unify crypt source INI settings

• Version: 0.1
• Date: 2014-02-24
• Author: Yasuo Ohgaki yohgaki@ohgaki.net
• Status: Under Discussion
• First Published at: http://wiki.php.net/rfc/unified-crypt-source

Crypt source such as /dev/urandom is mandatory for secure programs. None the less, PHP does not have way to specify crypt source as a core. This RFC proposes 2 new INIs for it.

Introduce 2 new INIs for all platforms.

Pseudo RNG - non-blocking. INI_PERDIR

random.entropy_strong_source=       (/dev/(u|a)random etc. Default: depends on platform)

RNG - may block. INI_PERDIR

random.entropy_crypto_source=        (/dev/random etc. Default: depends on platform)

Appropriate default for the platform is detected during build time.

session.entropy_file uses /dev/*random. It share the random.entropy_strong_source if it is empty. (Like default_charset with Default Char Encoding RFC)

None.

PHP 5.6

session/mcrypt, any extension uses /dev/*random. These module's code is changed to use new INI settings where it is possible.

None

• hardcoded default values

None, but appropriate values will bet set for the platform.

• php.ini-development values
• php.ini-production values

;random.entropy_strong_source="/dev/urandom" (INI_PERDIR) 
;random.entropy_crypto_source="/dev/random" (INI_PERDIR)

Note: INI lines are commented out.

Under Windows, different values may be set.

None

Although this RFC affects some modules, it does not affects existing feature. All function should remains as it is now.

These 2 INIs may be used crypto related new and existing modules.

Yes/No

TBD

After the project is implemented, this section should contain

1. the version(s) it was merged to
2. a link to the git commit(s)
3. a link to the PHP manual entry for the feature

Links to external references, discussions or RFCs

Keep this updated with features that were discussed on the mail lists.