KDOT KDOT - 6 months ago 59
PHP Question

mcrypt 7.1 deprecated / 7.2+ removal

I have been following information on SO about generating random strings using

and have some example code over at 3v4l.org.

After reading the PHPWiki all
functions will show a depreceated warning but it does not specify what will be used in 7.2/8.0 that replaces these functions.

Since it states it will be removed in 7.2/8.0, what will be used to replace IV's?

I do not use this function in my software for encryption and decryption. I only use it for safe/retrievel of a unique string.



Although I imagine each PHP cryptography extension would provide its own version of a function to generate random data, like they currently do:

That is simply because any cryptography API would be incomplete without access to a CSPRNG. In fact, mcrypt_create_iv() was added by the PHP developers for that same reason, while it is otherwise not part of libmcrypt.

I only use it for safe/retrievel of a unique string.

"Random" doesn't mean "unique". The former needs to be unpredictable, while the latter has to be unrepeatable.
It is true that the chances of a collision decrease exponentially with each random byte you add to a string, uniqueness is never 100% guaranteed.