PHP RFC: Unify crypt source INI settings

• Version: 0.1
• Date: 2014-02-24
• Author: Yasuo Ohgaki yohgaki@ohgaki.net
• Status: Under Discussion
• First Published at: http://wiki.php.net/rfc/unified-crypt-source

Crypt source such as /dev/urandom is mandatory for secure programs. None the less, PHP does not have way to specify crypt source as a core. This RFC proposes 2 new INIs for it.

Introduce 2 new INIs for UNIX like OSes.

Pseudo RNG - non-blocking. INI_PER_DIR

random.entropy_strong_source=       (/dev/(u|a)random etc. Default: /dev/urandom)

RNG - may block. INI_PER_DIR

random.entropy_crypto_source=        (/dev/random etc. Default: /dev/random)

Under windows, different values may be set.

session.entropy_file uses /dev/*random. It share the random.entropy_strong_source if it is empty. (Like default_charset with Default Char Encoding RFC)

None.

PHP 5.6

session/mcrypt, any extension uses /dev/*random. These module's code is changed to use new INI settings where it is possible.

None

• hardcoded default values

None

• php.ini-development values
• php.ini-production values

random.entropy_strong_source=/dev/urandom (INI_PER_DIR)
random.entropy_crypto_source=/dev/random (INI_PER_DIR)

Under Windows, different values may be set.

None

Although this RFC affects some modules, it does not affects existing feature. All function should remains as it is now.

These 2 INIs may be used crypto related new and existing modules.

Yes/No

TBD

After the project is implemented, this section should contain

1. the version(s) it was merged to
2. a link to the git commit(s)
3. a link to the PHP manual entry for the feature

Links to external references, discussions or RFCs

Keep this updated with features that were discussed on the mail lists.