On Mon, Jan 9, 2017 at 5:07 AM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> On Mon, Jan 9, 2017 at 2:29 AM, Lauri Kenttä <lauri.ken...@gmail.com> > wrote: > >> On 2017-01-07 03:15, Yasuo Ohgaki wrote: >> >>> + php_random_int(1000000000, 9999999999, &rand, 1); >>> >>> This should be >>> >>> + php_random_int(0, 9999999999, &rand, 1); >>> >> >> No, it shouldn't. That fixes none of the reported problems. You still >> have too many numbers (integer overflow) and still produce 0.abcdefgh >> instead of a.bcdefghi. >> >> If you can't fix it, maybe you shouldn't be doing it in the first place... > > > Did you read my mail? > Please read mail again. > Anyway, I agree your way is optimal for 9 digit chars entropy. I don't care about extending entropy strength, longer length and use of non digits, for now. Are we OK with the patch Lauri proposed? Regards, -- Yasuo Ohgaki yohg...@ohgaki.net
