Hi Stas,
On Mon, Feb 3, 2014 at 8:02 AM, Stas Malyshev <[email protected]>wrote:
>
> > My question is if we should extend uniqid() or add new function that
> > actually
> > generates safe ID string. We may add more description to uniqid() page,
>
> How mcrypt_create_iv is not safe? It generates a random string, you need
> a random string, what's unsafe in it?
It's safe as long as users do not use RAND as random source.
There are many use cases that users need secure random string and
there are many mistakes out there. I'm questioning if we should have
easy to use and easy to find function for it or not.
Better documentation is valid option rather than have a function.
Do you suggest documentation as a solution?
Regards,
--
Yasuo Ohgaki
[email protected]