Hey Tom! > According to one argument that has a lot of currency, it does.
You have great points that I totally agree with; after all, my original proposal was to alias to random_bytes(). But this RFC just targets the implementation problems, not the OpenSSL CSPRNG itself. We already discussed in a separate thread the possibility of removing/aliasing it, but have decided we're gonna keep it. :) > (Btw, "a proper CSPRNG" might be misinterpreted as a **bold** claim. Good point - I'm not an infosec expert by any means so I try to avoid making any hard claims regarding cryptography. :) > Idk. It's your RFC and I kinda hijacked the thread. Hehe - thanks for hijacking! I always love the feedback. :) Thanks, Sammy Kaye Powers sammyk.me -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
