Hi Leigh, On Thu, Jan 19, 2017 at 8:25 PM, Leigh <lei...@gmail.com> wrote:
> > You _do_ have to care if it fails. This is a breaking change if it is > not handled. mt_rand is _not_ a CSPRNG, and therefore the absence of a > CSPRNG should not make mt_rand unusable. If we consider mt_rand only, your statement is true. However, PHP as a whole cannot work reliable way w/o CSPRNG and today's standard requires working CSPRNG, doesn't it? If PHP cannot work properly, I don't see the point to make mt_rand work. I don't mind too much about falling back to very weak mt_rand result, but I just don't see the point allowing very weak result than it should/can be. How many of us are willing to allow very weak mt_rand fallback? This could be RFC vote option, if there are few. Regards, P.S. Please note that number of E_ERRORs were added recently when something goes wrong in fatal way . Compare to these, very rarely raised security concerned fatal exception is nothing. IMHO. -- Yasuo Ohgaki yohg...@ohgaki.net
