HomeDevCentral

Use cryptographically secure pseudo-random integers

Description

Use cryptographically secure pseudo-random integers

Summary:
Methods from Identifiers\Random were currently implemented using
the Mersenne Twister general-purpose pseudorandom number generator.

As randomness is often used as a source to generate credentials,
and to also offer unbiaised results for games, this changes switch
to the CSPRNG method random_int. The random_bytes method was already used.

According PHP manual, the "cryptographically secure pseudo-random number
generator (CSPRNG) API provides an easy and reliable way to generate
crypto-strong random integers and bytes for use within cryptographic contexts."

As our library is PHP 7+ (actually PHP 8.1+), the CSPRNG methods are always
available.

Test Plan: Run unit tests, no regression detected.

Reviewers: dereckson

Reviewed By: dereckson

Differential Revision: https://devcentral.nasqueron.org/D2656

Details

Provenance
derecksonAuthored on Apr 9 2022, 12:04
derecksonPushed on Mar 31 2023, 16:05
Reviewer
dereckson
Differential Revision
D2656: Use cryptographically secure pseudo-random integers
Parents
rKOT57b6d3486952: Update license information
Branches
Unknown
Tags
Unknown
Tasks
T1717: Implement new UUID RFC