ircmaxell / RandomLib

A library for generating random numbers and strings
MIT License

Adding a back-port for random_int() & random_bytes() #33

Open SammyK opened 9 years ago

SammyK commented 9 years ago

Once the Easy User-land CSPRNG gets added to PHP7, what are your thoughts of using RandomLib as a back-port for older PHP versions and adding the random_bytes() and random_int() functions as wrappers? :)

ircmaxell commented 9 years ago

Well, it should be its own compatibility library that doesn't expose other APIs. I will however port RandomLib and others to use the new APIs internally :-)

scottchiefbaker commented 9 years ago

@ircmaxell we were thinking that a compat library like you did for password_compat for the CSPRNG would be awesome.

ircmaxell commented 9 years ago

yeah, that's sane. I thought someone was working on one already? I would be happy to do it (and host it). It's up to you.

scottchiefbaker commented 9 years ago

I was going to mock up a really simple PHP version, but it looks like RandomLib is way more robust. Does it make sense to base the compat library on RandomLib, or do a simple wrapper around:

mcrypt > openssl > direct file access

SammyK commented 9 years ago

Relevant: my proof of concept for the RFC and the Facebook PHP SDK's CSPRNG.

Or a lib that just composer requires RandomLib and provides the functions... :)

ircmaxell commented 9 years ago

I would base it on https://github.com/ircmaxell/random_compat

scottchiefbaker commented 9 years ago

Here is a super rough userland implementation: https://gist.github.com/scottchiefbaker/d191f369765eef5ed0cf

I didn't implement the min/max in random_int() yet. I'll defer to @ircmaxell's implementation, because https://github.com/ircmaxell/random_compat looks more full featured. I just wanted a proof of concept to see if it was feasible.

jrnickell commented 9 years ago

Here is some code I've been playing with the past few days. I was also hoping to see a library like password_compat show up :)

https://gist.github.com/jrnickell/bd5c3d5b5e6f71bca4b9

I wasn't sure if the new functions take default arguments. @ircmaxell the random_bytes I have is based on how you are generating salts in password_compat. It seemed to be a similar approach to the RFC.

I was playing with random_int based on your RandomLib stuff here. It's using pow at the moment, since I was trying to keep the code as compact as possible. I've been reading as much as possible the past few days, and I'm excited about using the new methods for UUIDs and various shuffles, sorts, and data structures.

Thank you for the hard work Sammy and Anthony, and let me know if there is anything you guys need help with.

scottchiefbaker commented 9 years ago

@jrnickell I like it... you had the same idea I had, but took it a couple steps farther. Question though, what is a PHALANGER on line #6?

jrnickell commented 9 years ago

It is a PHP compiler for .NET. The code is based heavily on Anthony's password-compat salt generator. I've tried to follow his advice, and let the professionals handle cryptography. There is very little deviation from what he wrote in the code I was playing with.

I'm not sure, but I recall some crypto functions had flaws and/or performance issues on Windows. I know openssl_random_pseudo_bytes had issues some time ago. I've always thought that check may have been related to one of those Windows issues.

lt commented 9 years ago

@scottchiefbaker PHALANGER is my fault, the company I used to work for used it to create .NET versions of their product. I don't care if it is removed now, Phalanger is so incompatible with modern PHP it's a sin.

It's impossible to directly mimic random_bytes() in userland, with no access to CryptGenRandom or arc4random_buf. The file based sources can be used though.

I agree with Anthony, it's better in its own library, we'd have to put limiters in this one to prevent it descending into mt_rand or rand.

Imho it only needs to check for and use openssl_random_pseudo_bytes -> mcrypt_create_iv -> /dev/arandom -> /dev/urandom.

The first two appropriately select CryptGenRandom for Windows or the appropriate file device on Linux. In the event that neither OpenSSL nor MCrypt are available and the platform is Windows, the compat library must error.
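The fallback chain lt lays out above, together with the min/max handling for random_int() that scottchiefbaker left out and jrnickell sketched, as an added PHP example (not code from RandomLib, random_compat or anyone in this thread); the function names are hypothetical so they don't clash with PHP 7's builtins, and the range of random_int() is assumed to fit in a PHP int:

```php
<?php
// Added example (not code from RandomLib or random_compat): a minimal userland
// polyfill following the chain openssl_random_pseudo_bytes -> mcrypt_create_iv
// -> /dev/arandom -> /dev/urandom, and erroring on Windows when neither
// extension is usable. Function names are hypothetical (no clash with PHP 7).
function compat_random_bytes($length)
{
    if (!is_int($length) || $length < 1) { throw new InvalidArgumentException('Length must be >= 1'); }
    // 1. OpenSSL (CryptGenRandom on Windows); only accept output flagged "strong".
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $buf = openssl_random_pseudo_bytes($length, $strong);
        if ($strong === true && is_string($buf) && strlen($buf) === $length) { return $buf; }
    }
    // 2. MCrypt, explicitly requesting the urandom-backed source.
    if (function_exists('mcrypt_create_iv')) {
        $buf = @mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
        if (is_string($buf) && strlen($buf) === $length) { return $buf; }
    }
    // 3. Device files have no Windows equivalent: fail here rather than degrade to rand().
    if (DIRECTORY_SEPARATOR === '\\') { throw new Exception('No CSPRNG: OpenSSL or MCrypt required on Windows'); }
    foreach (array('/dev/arandom', '/dev/urandom') as $device) {
        if (!@is_readable($device) || ($fp = @fopen($device, 'rb')) === false) { continue; }
        $buf = '';
        while (strlen($buf) < $length && ($c = fread($fp, $length - strlen($buf))) !== false && $c !== '') {
            $buf .= $c;
        }
        fclose($fp);
        if (strlen($buf) === $length) { return $buf; }
    }
    throw new Exception('No CSPRNG available');
}

function compat_random_int($min, $max)
{
    if (!is_int($min) || !is_int($max) || $min > $max) { throw new InvalidArgumentException('Expected ints with min <= max'); }
    $range = $max - $min; // assumption: the span fits in a PHP int (not PHP_INT_MIN..PHP_INT_MAX)
    if ($range === 0) { return $min; }
    $mask = $range; // smear the top bit down so $mask = 2^k - 1 >= $range, without overflow
    for ($s = 1; $s < PHP_INT_SIZE * 8; $s <<= 1) { $mask |= $mask >> $s; }
    for ($bits = 0, $t = $mask; $t > 0; $t >>= 1) { $bits++; }
    do { // rejection sampling: masked draws above $range are discarded, so no modulo bias
        $val = 0;
        foreach (str_split(compat_random_bytes((int) ceil($bits / 8))) as $b) { $val = ($val << 8) | ord($b); }
        $val &= $mask;
    } while ($val > $range);
    return $min + $val;
}
```

The Windows branch deliberately throws instead of falling through to mt_rand() or rand(), which is the "limiter" the comment above calls for.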

scottchiefbaker commented 9 years ago

PHP7 is closer to landing now, has anyone made any headway on a userland implementation?

SammyK commented 9 years ago

@sarciszewski just posted one.

paragonie-scott commented 8 years ago

Should I send a PR adding random_bytes() as an entropy source?