Random Compat Versions Save

PHP 5.x support for random_bytes() and random_int()

v2.0.3

7 years ago

Updated lib/error_polyfill.php to resolve corner cases.
The README was updated to help users troubleshoot and fix insecure environments.
Tags will now be signed by the GnuPG key used by the security team at Paragon Initiative Enterprises, LLC.

v2.0.2

8 years ago

Added a consistency check (discovered by Taylor Hornby in his PHP encryption library). It wasn't likely causing any trouble for us.

v2.0.1

8 years ago

Update comment in random.php

v1.4.1

8 years ago

Update comment in random.php

v2.0.0

8 years ago

Due to downstream errors, the OpenSSL removal now belongs in version 2.0.0.

v1.4.0

8 years ago

Restored OpenSSL in the version 1 branch in preparation to remove OpenSSL in version 2.

v1.2.3

8 years ago

Add more possible values to open_baseir check. Thanks @narfbg

v1.3.1

8 years ago

Add more possible values to open_baseir check. Thanks @narfbg

v1.3.0

8 years ago

Removed openssl_random_pseudo_bytes() entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access /dev/urandom, version 1.3+ will throw an Exception. If you want to trust OpenSSL, feel free to write your own fallback code. e.g.

try {
    $bytes = random_bytes(32);
} catch (Exception $ex) {
    $strong = false;
    $bytes = openssl_random_pseudo_bytes(32, $strong);
    if (!$strong) {
        throw $ex;
    }
}

v1.2.2

8 years ago

To prevent applications from hanging, if /dev/urandom is not accessible to PHP, skip mcrypt (which just fails before giving OpenSSL a chance and was morally equivalent to not offering OpenSSL at all).