rfc:unified-crypto-source

This is an old revision of the document!


PHP RFC: Unify crypt source INI settings

Introduction

Crypt source such as /dev/urandom is mandatory for secure programs. None the less, PHP does not have way to specify crypt source as a core. This RFC proposes 2 new INIs for it.

Proposal

Introduce 2 new INIs for UNIX like OSes.

Pseudo RNG - non-blocking. INI_PER_DIR

random.entropy_strong_source=       (/dev/(u|a)random etc. Default: /dev/urandom)

RNG - may block. INI_PER_DIR

random.entropy_crypto_source=        (/dev/random etc. Default: /dev/random)

Under windows, different values may be set.

session.entropy_file uses /dev/*random. It share the random.entropy_strong_source if it is empty. (Like default_charset with Default Char Encoding RFC)

Backward Incompatible Changes

None.

Proposed PHP Version(s)

PHP 5.6

Impact to Existing Extensions

session/mcrypt, any extension uses /dev/*random. These module's code is changed to use new INI settings where it is possible.

New Constants

None

php.ini Defaults

  • hardcoded default values

None

  • php.ini-development values
  • php.ini-production values
random.entropy_strong_source=/dev/urandom (INI_PER_DIR)
random.entropy_crypto_source=/dev/random (INI_PER_DIR)

Under Windows, different values may be set.

Open Issues

None

Unaffected PHP Functionality

Although this RFC affects some modules, it does not affects existing feature. All function should remains as it is now.

Future Scope

These 2 INIs may be used crypto related new and existing modules.

Proposed Voting Choices

Yes/No

Patches and Tests

TBD

Implementation

After the project is implemented, this section should contain

  1. the version(s) it was merged to
  2. a link to the git commit(s)
  3. a link to the PHP manual entry for the feature

References

Links to external references, discussions or RFCs

Rejected Features

Keep this updated with features that were discussed on the mail lists.

rfc/unified-crypto-source.1392285384.txt.gz · Last modified: 2014/02/13 10:56 by yohgaki