问题
I have been following information on SO about generating random strings using mcrypt_create_iv() and have some example code over at 3v4l.org.
After reading the PHPWiki all mycrypt_* functions will show a depreceated warning but it does not specify what will be used in 7.2/8.0 that replaces these functions.
Since it states it will be removed in 7.2/8.0, what will be used to replace IV's?
I do not use this function in my software for encryption and decryption. I only use it for safe/retrievel of a unique string.
回答1:
random_bytes()
Although I imagine each PHP cryptography extension would provide its own version of a function to generate random data, like they currently do:
- ext/openssl provides openssl_random_pseudo_bytes() (but
random_bytes()is better than it) - libsodium-php provides \Sodium\randombytes_buf()
That is simply because any cryptography API would be incomplete without access to a CSPRNG. In fact, mcrypt_create_iv() was added by the PHP developers for that same reason, while it is otherwise not part of libmcrypt.
I only use it for safe/retrievel of a unique string.
"Random" doesn't mean "unique". The former needs to be unpredictable, while the latter has to be unrepeatable.
It is true that the chances of a collision decrease exponentially with each random byte you add to a string, but uniqueness is never 100% guaranteed.
来源:https://stackoverflow.com/questions/40438393/mcrypt-7-1-deprecated-7-2-removal