On 6/19/2016 6:27 PM, Pierre Joye wrote: > I think I gave you plenty of valid usage of MT rand or rand in some > extends. > > And the argument about them being dangerous for crypto is the same for any > other functions. And right, this argument is invalid. > > We do not remove cars from the street because there cars accident. But we > educate and prevent them. In this case it is about educations (doc, blog > posts and all the palette of developers evangelism or whatever "spreading a > msg" is called these days). > > I would appreciate that you understand our arguments. You can disagree but > cannot deny them. >
I just went back and had a look at all messages of this thread, the only argument is:* On 6/14/2016 8:14 PM, Christoph Becker wrote: > In my opinion, we need at least one random function which yields > reproducible values. > I understand that and I am totally in favor of adding a function that yields reproducible sequences. However, that function should be of good quality (fast, properly documented, modern algo, ...). This matches Tom Worster's analysis of mt: it's just crap. :P I am sorry if it seems to you as if I am ignoring you, Quite the opposite is the case. It is just unbelievable to me that we are trying to keep these functions if there are so many better alternatives that we can provide to our users. There is nothing bad about a deprecation together with a much better alternative. I cannot imagine that anyone has a problem with that. * Let me know if I missed any other argument that clearly explains why mt_rand() cannot be deprecated and removed. Oh, yes, I am ignoring the legitimate usage from a private software that is unsharable because this argument cannot be verified. It is also not clear why that software should not be able to upgrade to a faster function. -- Richard "Fleshgrinder" Fussenegger
signature.asc
Description: OpenPGP digital signature
