Hi all, I just want to throw a quick thought in here:
The password API proposal includes a function called password_make_salt(), that basically creates a random string, either in raw binary form, or in the bcrypt salt format. Personally I don't see much use for the function in the salt context as the password API already generates the salt all by itself, but I do see a lot of use for a random string function in general. People commonly want to create random strings according to some format. Like CSRF tokens, ids, etc. So my thought was to drop password_make_salt() and instead add some kind of generalized random_string() function: // this is a 20 byte random binary string $str = random_string(20); // ten random hex characters $str = random_string(10, "0123456789ABCDEF"); // 15 characters from the bcrypt alphabet 0-9a-zA-Z./ $str = random_string(15, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"); // if it's not too hard to implement, one could support this kind of shortcut: $str = random_string(15, "0-9a-zA-Z./"); Thoughts? Nikita -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php