Hi! >> - To produce a repeatable sequence of random numbers (works, but >> only if you and the sole user of the global random number >> generator, which is not guaranteed by any means)
If you write your code it is guaranteed. Note that it's not some API we're designing out of the blue, it is something that has been working for years and you propose to just eliminate it because you don't like it. It's not how it should be done in a mature language like PHP. If you want to design better API, please do it, but breaking working APIs is not a good idea. > - To generate cryptographic keys - a seeded random number generator I'm surprised you even bring it up. Yes, it is known rand() should not be used for cryptography. It is true with srand or without srand, and nobody advocated using rand for cryptography. > This is why Suhosin disabled srand by default: it is, unfortunately, > also a security issue. Saying "it's a security issue" is not some magic phrase that instantly makes wrong into right. There's no security issue in srand. Security issue is in wrong usage of rand() and breaking srand() would do nothing to fix it. If you use a tool for a wrong purpose, it is pointless to point each aspect of it and say "that's where the wrong is" if the whole thing altogether is wrong from the premise up. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
