•  
      request #15060 Ban usage of non crypto secure/user-space RNG
    Infos
    #15060
    Thomas Gerbet (tgerbet)
    2020-07-03 10:30
    2020-07-02 18:27
    16329
    Details
    Ban usage of non crypto secure/user-space RNG
    PHP comes with two proper functions for this usage: random_int() and random_bytes().

    Other functions like rand() are a footgun and should be avoided.

    The only situation where you could have a valid usage of them is when you need a seeded RNG but even in this situation using something in the spirit of https://github.com/paragonie/seedspring would be a better call.
    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-07-03
    Attachments
    Empty
    References

    Follow-ups