On 6/14/2016 6:46 PM, Leigh wrote:
> The issues I want to bring up for discussion are.
>
> * Replacing mt_rand() and rand() to a strong, modern RNG.
> * Alternatively, fixing the current mt_rand() implementation to make it standard
> * Aliasing rand() to mt_rand() to improve output and cross-platform support
> * Fixing RAND_RANGE for large ranges.
> * Replacing insecure uses of php_rand() with php_random_bytes()
> * Making the array_rand() algorithm more efficient
>
> The RFC can be found here: https://wiki.php.net/rfc/rng_fixes
>

Why do we need so many functions to get a random int anyways if we now have random_int()? I would like to see all of them deprecated and removed in PHP 8.0.

- crypt() -> password_hash()
- rand() -> random_int()
- mt_getrandmax() -> PHP_INT_MAX
- mt_rand() -> random_int()
- mt_srand() -> -
- shuffle() -> array_shuffle()*
- srand() -> -

Mcrypt is meant to be replaced anyways and OpenSSL might be too if we can come up with a nicer implementation that actually hides the underlying library (e.g. sodium).

* Directly fix the name and get rid of the reference:
  array_shuffle(array $array, int $num = 1): array

I do not see a problem to change array_rand(), array_shuffle(), nor str_shuffle() since their output should be random anyways.

--
Richard "Fleshgrinder" Fussenegger