Could we regard random_bytes() as a security patch rather than a new
feature and therefore port it to PHP 5?

Error handling would have to change but that should be feasible. IIRC,
earlier commits of random_bytes() had PHP 5-like behavior on error.

My motivation: it's easier to defend abandoning OpenSSL's RNG (e.g. in
paragonie/random_compat) if we could say to Windows users stuck with
nothing else: "Upgrade to the latest point release of PHP 5.x. It has a
proper fix."

Tom



-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
