Thought I better get that confirmed before I started hammering through this project
Cheers, B
Moderator: General Moderators
Yes. You can just encode it with bin2hex(), for instance. Hashing here does not make any sense at all. It's only useful in situations like when you use mt_rand(), because otherwise you would leak the state of your random number generator. In case of /dev/urandom, the generator is clearly seeded with unpredictable data (with information that requires at least hardware and system access in order to be possible to predict, although still laborious) and thus you will not leak the state.batfastad wrote:If I'm getting strong random from /dev/urandom (way stronger than uniqid(mt_rand()), then I shouldn't need to hash it.
Right?
Yeah that's true. I've written a function which uses that if /dev/urandom can't be opened.Apollo wrote:One reason I would still prefer something like sha1(time().uniqid(mt_rand(),true)) is that it's platform independent. The /dev/urandom method won't work on Windows machines.