rfc:deprecate_mcrypt_rand

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
rfc:deprecate_mcrypt_rand [2014/07/08 14:04] sarciszewskirfc:deprecate_mcrypt_rand [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== PHP RFC: Deprecate MCRYPT_RAND ====== +====== PHP RFC: Remove MCRYPT_RAND (Formerly: Deprecate MCRYPT_RAND====== 
-  * Version: 0.1 +  * Version: 0.2 
-  * Date: 2014-07-08 (use today's date here)+  * Date: 2014-07-08
   * Author: Scott Arciszewski, scott@arciszewski.me   * Author: Scott Arciszewski, scott@arciszewski.me
-  * Status: Draft+  * Status: Obsoleted by [[rfc/mcrypt-viking-funeral]]
   * First Published at: http://wiki.php.net/rfc/deprecate_mcrypt_rand   * First Published at: http://wiki.php.net/rfc/deprecate_mcrypt_rand
  
 ===== Introduction ===== ===== Introduction =====
-MCRYPT_RAND should be deprecated so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.+MCRYPT_RAND should removed from PHP 7.0 so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.
  
  
 ===== Proposal ===== ===== Proposal =====
 The following changes should be made: The following changes should be made:
-  * If MCRYPT_RAND is passed to mcrypt_create_iv(), an E_DEPRECATED error should be triggered. +  * MCRYPT_RAND should be removed as of PHP 7.0
-  * In future versions, MCRYPT_RAND should be removed +  * With MCRYPT_RAND gone, mcrypt_create_iv() should transparently fall back to the default (currently MCRYPT_DEV_URANDOM)
-  * With MCRYPT_RAND gone, mcrypt_create_iv() should transparently fall back to the default (currently MCRYPT_DEV_RANDOM)+
  
 ===== Backward Incompatible Changes ===== ===== Backward Incompatible Changes =====
-Legacy code that uses MCRYPT_RAND explicitly will throw a deprecation notice. Down the roadthe constant will be undefined.+The MCRYPT_RAND constant will be removedand support for it will also be removed.
  
 ===== Proposed PHP Version(s) ===== ===== Proposed PHP Version(s) =====
-This proposal should be considered for the PHP 5.(or 6.0 if that is to be the next version).+This proposal should be considered for the PHP 7.0.
  
 ===== Proposed Voting Choices ===== ===== Proposed Voting Choices =====
Line 31: Line 30:
  
 ===== References ===== ===== References =====
-https://github.com/php/php-src/pull/579 - Patch by yohgaki + discussion+  * https://github.com/php/php-src/pull/889 - Patch by sarciszewski 
 +  * https://github.com/php/php-src/pull/579 - Original patch by yohgaki + discussion
rfc/deprecate_mcrypt_rand.1404828245.txt.gz · Last modified: 2017/09/22 13:28 (external edit)

Page Tools