rfc:deprecate_mcrypt_rand

Differences

This shows you the differences between two versions of the page.

rfc:deprecate_mcrypt_rand [2014/07/08 13:56] – Markup correction sarciszewskirfc:deprecate_mcrypt_rand [2016/07/16 00:59] – this RFC has been obsoleted cmb
Line 1: Line 1:
-====== PHP RFC: Deprecate MCRYPT_RAND ====== +====== PHP RFC: Remove MCRYPT_RAND (Formerly: Deprecate MCRYPT_RAND====== 
-  * Version: 0.1 +  * Version: 0.2 
-  * Date: 2014-07-08 (use today's date here)+  * Date: 2014-07-08
   * Author: Scott Arciszewski, scott@arciszewski.me   * Author: Scott Arciszewski, scott@arciszewski.me
-  * Status: Draft+  * Status: Obsoleted by [[rfc/mcrypt-viking-funeral]]
   * First Published at: http://wiki.php.net/rfc/deprecate_mcrypt_rand   * First Published at: http://wiki.php.net/rfc/deprecate_mcrypt_rand
  
 ===== Introduction ===== ===== Introduction =====
-MCRYPT_RAND should be deprecated so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.+MCRYPT_RAND should removed from PHP 7.0 so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.
  
  
 ===== Proposal ===== ===== Proposal =====
 The following changes should be made: The following changes should be made:
-  * If MCRYPT_RAND is passed to mcrypt_create_iv(), an E_DEPRECATED error should be triggered. +  * MCRYPT_RAND should be removed as of PHP 7.0
-  * In future versions, MCRYPT_RAND should be removed +  * With MCRYPT_RAND gone, mcrypt_create_iv() should transparently fall back to the default (currently MCRYPT_DEV_URANDOM)
-  * With MCRYPT_RAND gone, mcrypt_create_iv() should transparently fall back to the default (currently MCRYPT_DEV_RANDOM)+
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
-Legacy code that uses MCRYPT_RAND explicitly will throw a deprecation notice. Down the roadthe constant will be undefined.+The MCRYPT_RAND constant will be removedand support for it will also be removed.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
-This proposal should be considered for the PHP 5.(or 6.0 if that is to be the next version).+This proposal should be considered for the PHP 7.0.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
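Review bot: The new Backward Incompatible Changes text ("The MCRYPT_RAND constant will be removed, and support for it will also be removed") no longer says what legacy code that passes MCRYPT_RAND explicitly will observe, and the Proposal bullet that mcrypt_create_iv() "should transparently fall back to the default" reads as if nothing would be observable at all. Suggest stating the behaviour for a caller that still names the constant (an error, a notice, or a silent substitution), since a change of IV source is something maintainers will want to be able to audit for. The same bullet changes the named default from MCRYPT_DEV_RANDOM to MCRYPT_DEV_URANDOM without comment; say whether that corrects the 0.1 text or is itself part of the proposal. On wording, the Introduction keeps "so that developers are discouraged from using it" as the rationale, which was written for a deprecation and does not fit a removal, and "should removed" is missing "be".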
Line 31: Line 30:
  
 ===== References ===== ===== References =====
-https://github.com/php/php-src/pull/579 - Patchdiscussion+  * https://github.com/php/php-src/pull/889 - Patch by sarciszewski 
 +  * https://github.com/php/php-src/pull/579 - Original patch by yohgaki + discussion
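Review bot: The two References entries on the new side are labelled only by author ("Patch by sarciszewski", "Original patch by yohgaki + discussion"), so a reader cannot tell which pull request implements the 0.2 removal and which belongs to the 0.1 deprecation proposal. Suggest annotating each link with what the patch does, and, since the Status line now reads "Obsoleted by [[rfc/mcrypt-viking-funeral]]", listing that RFC here as well so the superseding document is reachable from the References section.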
rfc/deprecate_mcrypt_rand.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1