Version 1.3.0
paragonie-scott
released this
17 Mar 18:28
·
166 commits
to master
since this release
Removed openssl_random_pseudo_bytes()
entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access /dev/urandom
, version 1.3+ will throw an Exception
. If you want to trust OpenSSL, feel free to write your own fallback code. e.g.
try {
$bytes = random_bytes(32);
} catch (Exception $ex) {
$strong = false;
$bytes = openssl_random_pseudo_bytes(32, $strong);
if (!$strong) {
throw $ex;
}
}