On 15/06/2023 13:14, Tim Düsterhus wrote:
> Looping back to the beginning of my email: The recommended replacement
> is random_int() which has been available for years, but the "organic"
> migration did not really work.
I think that's partly because, rightly or wrongly, random_int() is not
generally viewed as a universal replacement for rand()/mt_rand(). For
instance, consider the opening description in the manual for random_int():
> Generates cryptographic random integers that are suitable for use
> where unbiased results are critical, such as when shuffling a deck of
> cards for a poker game.
And the Caution on the manual for rand() and mt_rand():
> This function does not generate cryptographically secure values, and
> /must not/ be used for cryptographic purposes, or purposes that require
> returned values to be unguessable.
Note that both talk about using random_int() *in particular situations*,
not as a universal replacement.
Add to that the scary fact that random_int() can fail with an exception
(the technical detail of how unlikely that is probably goes over the
head of the majority of PHP programmers), and the perception that it's
significantly slower (which may or may not be true, or relevant to most
users), and many people will be actively choosing not to use it when
they don't need its guarantees.
On the other hand, I'm sure you're right that there are people misusing
rand()/mt_rand() in contexts where they really should use something
secure. Maybe with improved documentation at the same time, a
deprecation could be OK; but it would be worryingly easy to say
"deprecate first, we'll get round to the documentation later", and have
lots of confused users who think we're suddenly deprecating something
that's been working fine for 20 years.
Regards,
--
Rowan Tommins
[IMSoP]