Hi Leigh, On Tue, Jan 17, 2017 at 11:48 PM, Leigh <[email protected]> wrote:
> mt_rand is not advertised as crypto-quality. > > Where do you think mt_rand is used in session id generation? > I don't mention session module uses mt_rand, but older versions used php_combined_lcg() . Regards, -- Yasuo Ohgaki [email protected]
