rfc:rng_fixes
Differences
This shows you the differences between two versions of the page.
rfc:rng_fixes [2016/06/14 14:45] – leigh | rfc:rng_fixes [2016/07/07 11:01] – leigh | ||
---|---|---|---|
Line 3: | Line 3: | ||
* Date: 2016-05-03 | * Date: 2016-05-03 | ||
* Author: Leigh T < | * Author: Leigh T < | ||
- | * Status: | + | * Status: |
* First Published at: https:// | * First Published at: https:// | ||
Line 19: | Line 19: | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | There are several proposals up for discussion, which I hope to fine-tune, improve upon, or eliminate completely during the discussion phase. The proposals are: | + | There are several proposals up for discussion. |
- | * Replace | + | * Fix the current |
- | * Alternatively, | + | |
* Alias rand() to mt_rand(). | * Alias rand() to mt_rand(). | ||
* Fix RAND_RANGE for large ranges. | * Fix RAND_RANGE for large ranges. | ||
* Replace insecure uses of php_rand() with php_random_bytes() | * Replace insecure uses of php_rand() with php_random_bytes() | ||
* Make array_rand() more efficient | * Make array_rand() more efficient | ||
- | |||
- | == Replace mt_rand() and rand() to a strong, modern RNG. == | ||
- | Most of the identified issues can be addressed by replacing the implementations of < | ||
- | |||
- | As we currently recommend using < | ||
- | |||
- | This change would alter the output streams of both functions, however it fixes: | ||
- | |||
- | * Incorrect implementation of mt_rand (with documentation to say it is no longer mt_rand) | ||
- | * Platform-specific outputs | ||
- | * Poor scaling of bounded outputs | ||
== Fix mt_rand() implementation == | == Fix mt_rand() implementation == | ||
The implementation of < | The implementation of < | ||
- | It is not known if the period or the quality of the output | + | [[https:// |
As < | As < | ||
+ | |||
+ | The legacy implementation will be preserved and be selectable with a new `mt_rand_mode(int $mode)` function, along with new constants representing the two modes. The default will be the fixed algorithm. | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
== Alias rand() to mt_rand() == | == Alias rand() to mt_rand() == | ||
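Review bot: The added paragraph introducing `mt_rand_mode(int $mode)` does not say what happens to the generator state when the mode is changed, or how long the setting lasts. State whether switching modes after seeding keeps, resets or reseeds the state, so that code depending on a seeded legacy sequence knows where the call has to go. The paragraph also writes the function name in backticks, while the `<php>rand()` line added further down uses the wiki's `<php>` tag; use the same inline-code markup throughout, and name the two constants here instead of only "new constants representing the two modes".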
Line 51: | Line 46: | ||
Aliasing it to < | Aliasing it to < | ||
- | == Replace | + | <doodle title="Alias rand() to mt_rand()" |
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | |||
+ | == Fix RAND_RANGE() == | ||
The macro used to scale the output of an RNG between two bounds is insufficient for large ranges. ([[https:// | The macro used to scale the output of an RNG between two bounds is insufficient for large ranges. ([[https:// | ||
The proposed fix is to concatenate multiple outputs for ranges exceeding 32 bits, and use rejection sampling (the same as used in < | The proposed fix is to concatenate multiple outputs for ranges exceeding 32 bits, and use rejection sampling (the same as used in < | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
== Replace insecure uses of php_rand() with php_random_bytes() == | == Replace insecure uses of php_rand() with php_random_bytes() == | ||
- | There are several instances where rand() is used internally in a security sensetive context | + | There are several instances where <php>rand()</ |
* < | * < | ||
* SOAP HTTP auth nonce generation | * SOAP HTTP auth nonce generation | ||
- | * < | ||
These instances should all be fixed to use the secure random number generator (even mcrypt which is deprecated) | These instances should all be fixed to use the secure random number generator (even mcrypt which is deprecated) | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | |||
+ | == Make array_rand() more efficient == | ||
+ | It has been noted that ([[http:// | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
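Review bot: In the "Replace insecure uses of php_rand() with php_random_bytes()" list, one bullet is removed while the unchanged closing sentence still reads "These instances should all be fixed to use the secure random number generator (even mcrypt which is deprecated)". Check that everything this sentence refers to is still present in the list, and add a one-line reason for dropping the entry so readers can tell whether that caller was fixed elsewhere or is intentionally left out of scope.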
Line 74: | Line 91: | ||
* < | * < | ||
* < | * < | ||
- | * < | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
Line 90: | Line 106: | ||
==== New Constants ==== | ==== New Constants ==== | ||
- | None | + | MT_RAND_MT19937 (correct implementation mode) |
+ | MT_RAND_PHP (unofficial implementation mode) | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
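Review bot: The two constant descriptions under "New Constants" use different terms from the proposal text. The proposal calls the modes the "legacy implementation" and the "fixed algorithm", while this list says "unofficial implementation mode" and "correct implementation mode". Use one pair of terms in both places, and mark which constant is the default, since the proposal says "The default will be the fixed algorithm" but this list does not.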
Line 96: | Line 113: | ||
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | This will be an all or nothing vote (after discussion), and as the changes | + | Individual votes will be held for the remaining proposals, and since minor BC breaks |
===== Patches and Tests ===== | ===== Patches and Tests ===== | ||
- | WIP - I will release a patch after a week or so of discussion has taken place | + | https:// |
===== Implementation ===== | ===== Implementation ===== | ||
+ | |||
===== References ===== | ===== References ===== |
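Review bot: "Patches and Tests" now carries a single link, while "Proposed Voting Choices" says "Individual votes will be held for the remaining proposals". Say which proposals the linked patch covers and whether each can be merged on its own, so that a proposal voted down can be left out without reworking the rest. The empty line added under "Implementation" can be dropped until there is something to record there.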
rfc/rng_fixes.txt · Last modified: 2017/09/22 13:28 by 127.0.0.1