Y U NO /dev/urandom ?!

Question

altf4 opened this issue 10 years ago · comments

mt_rand() is not secure. You know this. I'm even working on a tool to exploit this exact functionality:

I highly recommend moving to openssl_random_pseudo_bytes(), or manually reading from /dev/urandom

Chris Kankiewicz · Answer 1 · Sat May 10 2014 02:34:50 GMT+0800 (China Standard Time)

Resolved with commit c6b1cb7.
Happy now @altf4? ☕