Page MenuHomeDevCentral
Differential D2656

Use cryptographically secure pseudo-random integers
ClosedPublic
Actions

Authored by dereckson on Apr 9 2022, 12:04.
Tags
None
Referenced Files
F24508641: D2656.id.diff
Tue, Feb 24, 08:20
Unknown Object (File)
Mon, Feb 23, 19:32
Unknown Object (File)
Fri, Feb 20, 14:01
Unknown Object (File)
Thu, Feb 19, 08:14
Unknown Object (File)
Fri, Feb 13, 23:42
Unknown Object (File)
Fri, Feb 13, 12:27
Unknown Object (File)
Thu, Feb 12, 14:13
Unknown Object (File)
Wed, Feb 11, 11:35
View All Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T1717: Implement new UUID RFC
Commits
rKOTb9a3012239c1: Use cryptographically secure pseudo-random integers
rKOTb06cf75ecc00: Use cryptographically secure pseudo-random integers
rKERUALD10e58ae5bcb1: Use cryptographically secure pseudo-random integers
Summary

Methods from Identifiers\Random were currently implemented using
the Mersenne Twister general-purpose pseudorandom number generator.

As randomness is often used as a source to generate credentials,
and to also offer unbiaised results for games, this changes switch
to the CSPRNG method random_int. The random_bytes method was already used.

According PHP manual, the "cryptographically secure pseudo-random number
generator (CSPRNG) API provides an easy and reliable way to generate
crypto-strong random integers and bytes for use within cryptographic contexts."

As our library is PHP 7+ (actually PHP 8.1+), the CSPRNG methods are always
available.

Test Plan

Run unit tests, no regression detected.

Diff Detail

Repository
rKERUALD Keruald libraries development repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
omnitools/
src/
Identifiers/
14 lines
13 lines

Diff 6716

View Options

omnitools/src/Identifiers/Random.php

Loading...
View Options

omnitools/src/Identifiers/UUID.php

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator