rfc:get-random

Getting a random string

Introduction

The purpose of this feature is to create the most random number/string possible, and have it work on every system. The API is still undetermined.

This will attempt several methods until eventually finding one that's available to the system. It should always work.

  • Determine an order (most to least random)
  • User should have an option to choose: preferred type(s), dictionary of returned characters, …
  • This might interface with session entropy, and be exposed for several internal uses
  • It should report which randomness method was used
  • functiongetentropy - This RFC about getEntropy() directly relates to this

Sources of randomness

From all systems:

  • rand_pseudo_bytes() (if openssl is enabled)

Linux and related friends:

  • /dev/random, /dev/urandom, /dev/arandom

Windows:

  • COM('CAPICOM.Utilities.1')→getrandom()

Fallbacks:

  • Various system specific resources, which may include: stat, free disk space and time
  • mt_rand
  • rand

Optionals as per users desire and setup:

  • EGD

API

Still under review. Probably a simple function (get_random_string()) and/or a more feature rich class.

TODO

  • Research how other (languages) do it, and probably steal their ideals
  • Talk to cryptology geeks

Comments

  • Please leave your comments here
rfc/get-random.txt · Last modified: 2014/04/09 01:00 by levim