Getting a random string
The purpose of this feature is to create the most random number/string possible, and have it work on every system. The API is still undetermined.
This will attempt several methods until eventually finding one that's available to the system. It should always work.
Notes related to this idea
- Determine an order (most to least random)
- User should have an option to choose: preferred type(s), dictionary of returned characters, ...
- This might interface with session entropy, and be exposed for several internal uses
- It should report which randomness method was used
- functiongetentropy - This RFC about getEntropy() directly relates to this
Sources of randomness
From all systems:
- rand_pseudo_bytes() (if openssl is enabled)
Linux and related friends:
- /dev/random, /dev/urandom, /dev/arandom
- Various system specific resources, which may include: stat, free disk space and time
Optionals as per users desire and setup:
Still under review. Probably a simple function (get_random_string()) and/or a more feature rich class.
- Research how other (languages) do it, and probably steal their ideals
- Talk to cryptology geeks
- Please leave your comments here