KDOT KDOT - 1 month ago 21
PHP Question

mcrypt 7.1 deprecated / 7.2+ removal

I have been following information on SO about generating random strings using

mcrypt_create_iv()
and have some example code over at 3v4l.org.

After reading the PHPWiki all
mycrypt_*
functions will show a depreceated warning but it does not specify what will be used in 7.2/8.0 that replaces these functions.

Since it states it will be removed in 7.2/8.0, what will be used to replace IV's?

I do not use this function in my software for encryption and decryption. I only use it for safe/retrievel of a unique string.

Answer

random_bytes()

Although I imagine each PHP cryptography extension would provide its own version of a function to generate random data, like they currently do:

That is simply because any cryptography API would be incomplete without access to a CSPRNG. In fact, mcrypt_create_iv() was added by the PHP developers for that same reason, while it is otherwise not part of libmcrypt.


I only use it for safe/retrievel of a unique string.

"Random" doesn't mean "unique". The former needs to be unpredictable, while the latter has to be unrepeatable.
It is true that the chances of a collision decrease exponentially with each random byte you add to a string, uniqueness is never 100% guaranteed.

Comments