This is probably answerable by a quick yes/no and shouldn't need a ton of bikeshedding, but if that happens anyway I apologize in advance.
I think random_bytes() and random_int() are great; they provide a much-needed building block in PHP 7.0. However, I do worry a bit that the most common use for random_int() (generating a random string of a fixed length with a given character set) will be reinvented over and over again, and rarely consistently. I would propose a random_str() function that behaves similar to this userland snippet: http://stackoverflow.com/a/32870871/2224584 Function prototype: > string random_str( int $length, string $charset) Would return a string or throw an Error|Exception (e.g. invalid input parameters, or the operating system's CSPRNG begins to melt). I can write up an RFC for this, with a patch targeting 7.1, if anyone is interested in it. Scott Arciszewski Chief Development Officer Paragon Initiative Enterprises <https://paragonie.com> -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
