On Wed, Jul 8, 2015 at 11:59 AM, Scott Arciszewski <sc...@paragonie.com> wrote:
> Hi everyone, > > I'm working on a library to backport random_bytes() and random_int() > into PHP 5. The effort is located on Github if anyone is interested: > https://github.com/paragonie/random_compat > > My reason for this email is that I'm running into one compatibility > issue that I don't think I can safely work around: If we let > random_int() default to -PHP_INT_MAX and PHP_INT_MAX, then the > difference between the two (used to calculate the range) will overflow > into a float, which will lead to a loss of precision. > > My current compromise is to use -(PHP_INT_MAX/2) and PHP_INT_MAX/2, > but I'm not sure if there's a better solution. > random_int() arguments don't have default values, you have to explicitly pass both. (Of course you still have a problem if someone does pass them :) Nikita