All, With PHP 7 comes random_bytes and random_int. This duplicates some of the logic internally that password_hash uses to generate its salt.
I would like to refactor this to unify generation. I've opened a PR against master: https://github.com/php/php-src/pull/1585 I don't feel comfortable pulling against 7 this far into RC status. Perhaps wait until after it goes gold? Or should this target 7.1? It's not a big deal in either direction. Though it does add a side-effect, where if it can't gather enough entropy it will throw an exception and return failure (where prior it would simply make a "best effort". Thoughts? Anthony -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php