Version 1.0.1

Instead of throwing an Exception immediately on insecure platforms, only do so when random_bytes() is invoked.

Version 1.0.0 - Exceptions Only

For older frameworks that define a base Error class. We will not be maintaining this branch.

Version 1.0.0

Our API is now stable and forward-compatible with the CSPRNG features in PHP 7 (as of 7.0.0 RC3).

A lot of great people have contributed their time and expertise to make this compatibility library possible. That this library has reached a stable release is more a reflection on the community than it is on PIE.

We are confident that random_compat will serve as the simplest and most secure CSPRNG interface available for PHP5 projects.

Version 0.9.7 (pre-release)

An attempt to achieve compatibility with Error/TypeError in the RFC.

This should be identical to 1.0.0 sans any last-minute changes or performance enhancements.

Version 0.9.6 (pre-release)

• Split the implementations into their own file (for ease of auditing)
• Corrected the file type check after /dev/urandom has been opened (thanks @narfbg and @jedisct1)

Version 0.9.5 (pre-release)

• Validate that /dev/urandom is a character device
  • Reported by @lokdnet
  • Investigated by @narfbg and frymaster on StackOverflow
• Remove support for /dev/arandom which is an old OpenBSD feature, thanks @jedisct1
• Prevent race conditions on the filetype() check, thanks @jedisct1
• Buffer file reads to 8 bytes (performance optimization; PHP defaults to 8192 bytes)

Version 0.9.4 (pre-release)

• Add logic to verify that /dev/arandom and /dev/urandom are actually devices.
• Some clean-up in the comments

Version 0.9.3 (pre-release)

Unless the Exceptions change to PHP 7 fails, this should be the last pre-release version. If need be, we'll make one more pre-release version with compatible behavior.

Changes since 0.9.2:

• Prioritize /dev/arandom and /dev/urandom over mcrypt.
• @oittaa removed the -1 and +1 juggling on $range calculations for random_int()
• Whitespace and comment clean-up, plus better variable names
• Actually put a description in the composer.json file...

Version 0.9.2 (pre-release)

• Consolidated $range > PHP_INT_MAX logic with $range <= PHP_INT_MAX (thanks @oittaa and @CodesInChaos)
• tests/phpunit.sh now also runs the tests with mbstring.func_overload and open_basedir
• Style consistency, whitespace cleanup, more meaningful variable names

Version 0.9.1 (pre-release)

• Return random values on integer ranges > PHP_INT_MAX (thanks @CodesInChaos)
• Determined CSPRNG preference:
  1. mcrypt_create_iv() with MCRYPT_DEV_URANDOM
  2. /dev/arandom
  3. /dev/urandom
  4. openssl_random_pseudo_bytes()
• Optimized backend selection (thanks @lt)
• Fix #3 (thanks @scottchiefbaker)