-
Improvement
-
Resolution: Fixed
-
Minor
-
4.1.5
-
MOODLE_401_STABLE
-
MOODLE_403_STABLE
-
master_
MDL-78698 -
The function random_bytes_emulate (https://github.com/moodle/moodle/blob/master/lib/moodlelib.php#L8496) tries to generate cryptographically secure pseudo-random bytes.
It does this by progressively falling back to alternate (worse) methods of generating random bytes.
The first method it tries is the native PHP7 random_bytes method which does generate cryptographically secure random bytes (https://www.php.net/manual/en/function.random-bytes.php).
Now that all supported versions of Moodle support at least PHP 7 (for a while).
We should now deprecate (https://moodledev.io/general/development/policies/deprecation) random_bytes_emulate and just use random_bytes.
This means:
- Deprecating random_bytes_emulate in line with policy
- Replace the usages of random_bytes_emulate in core with random_bytes
- has a non-specific relationship to
-
MDL-67390 Update password hashing to SHA-512
- Closed