On 10/30/15 3:48 PM, Leigh wrote:
>
> I would like to refactor session id generation to use our new
> php_random_bytes API as the single entropy source for session ids,
> targeting 7.1
....
> I'd like to hear if there are any strong objections to this proposal.
Hi Leigh,
Again, not an objection but a question about performance, in particular,
performance relative to existing 7.0 generation of php_random_bytes'
different routes to randomness.
I suspect without any real evidence that php_random_bytes' different
routes have big performance differences and if any of them are slow
enough to affect sessions, it's worth knowing about.
Do current tests rigs allow such measurements?
Tom
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
>
> I would like to refactor session id generation to use our new
> php_random_bytes API as the single entropy source for session ids,
> targeting 7.1
....
> I'd like to hear if there are any strong objections to this proposal.
Hi Leigh,
Again, not an objection but a question about performance, in particular,
performance relative to existing 7.0 generation of php_random_bytes'
different routes to randomness.
I suspect without any real evidence that php_random_bytes' different
routes have big performance differences and if any of them are slow
enough to affect sessions, it's worth knowing about.
Do current tests rigs allow such measurements?
Tom
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php