Hi internals friends! I'd like to start a discussion on the "Improve openssl_random_pseudo_bytes()" RFC: https://wiki.php.net/rfc/improve-openssl-random-pseudo-bytes
TL;DR: CSPRNG implementations should always fail closed so this change would make `openssl_random_pseudo_bytes()` fail closed. The second `$crypto_strong` parameter doesn't do anything despite the docs stating otherwise. This unnecessarily confusing parameter would be deprecated. Thanks, Sammy Kaye Powers sammyk.me -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
