

Show HN: Polyfill for random_bytes() and random_int() in PHP 5 projects - paragon_init
https://github.com/paragonie/random_compat

======
paragon_init
When PHP 7 is released later this year, PHP users will finally be able to
quickly and easily leverage a CSPRNG in their projects.

    random_bytes(int) - Generate a string of random bytes from the OS (e.g. /dev/urandom)
    random_int(int, int) - Generate an unbiased random integer between two integers

We wrote this library so PHP 5.x users can import this in their project and
write code that takes advantage of this new PHP 7 API. Particularly
random_int(), which is suitable for random string generation (e.g. random
password generator).

We cannot declare the 1.0.0 stable release until the PHP team makes a design
decision about how to handle errors in their version of the library. We
currently throw an Exception; they might decide to return false and raise an
E_WARNING error. Until the outcome is known, we're in limbo.

This library has not been subject to a paid audit by a security team, but it
has been reviewed by several prominent members of the PHP community (and a few
security/crypto folks outside of PHP land).

I believe it to be more secure than any other PHP implementation of these
features. That said, more review and scrutiny would be greatly appreciated! :)
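
The random string use case mentioned in the post, as an added example (not code from the post or from the random_compat project). It assumes `random_int()` is available, either natively or through the polyfill loaded beforehand; `random_string()` and `modulo_bias_counts()` are hypothetical helper names. It fails closed under either error style the post describes, and shows the bias that the common `ord($byte) % $n` shortcut introduces.

```php
<?php
// Added example. Assumption: random_int() exists, either natively (PHP 7)
// or because the random_compat polyfill was loaded before this file.

/**
 * Hypothetical helper: build a random string by choosing each character
 * with random_int(), so every character of $alphabet is equally likely.
 */
function random_string($length, $alphabet)
{
    $max = strlen($alphabet) - 1;
    if ($length < 1 || $max < 1) {
        throw new InvalidArgumentException('Need length >= 1 and at least 2 characters');
    }
    $out = '';
    for ($i = 0; $i < $length; ++$i) {
        // Fail closed on either error style discussed in the post:
        // an exception simply propagates to the caller, and a false
        // return is turned into an exception instead of silently
        // being used as index 0.
        $n = random_int(0, $max);
        if (!is_int($n)) {
            throw new RuntimeException('No secure random source available');
        }
        $out .= $alphabet[$n];
    }
    return $out;
}

/**
 * Contrast: the biased shortcut. Mapping a random byte with ($byte % $n)
 * over-represents the first (256 % $n) characters whenever $n does not
 * divide 256. This counts how many of the 256 byte values land on each index.
 */
function modulo_bias_counts($n)
{
    $counts = array_fill(0, $n, 0);
    for ($byte = 0; $byte < 256; ++$byte) {
        $counts[$byte % $n]++;
    }
    return $counts;
}

$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
echo random_string(20, $alphabet), "\n";

// Unequal min and max here mean some characters are more likely than others.
$counts = modulo_bias_counts(strlen($alphabet));
echo 'byte values per character: min=', min($counts), ' max=', max($counts), "\n";
```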

