Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(security): random byte generation improved on some systems
On some Windows systems, `microtime()` is of insufficient precision and can yield the same value on multiple calls. In our algorithm this results in a divide-by-zero error and a `$rounds` count of `0`, so a little extra entropy is lost. There are numerous other entropy sources tapped, so this isn't a serious flaw, but here we avoid the error and just fix `$rounds` to a reasonable value to pick up a little more entropy. This issue should affect few systems, as it's a fallback mechanism for several better random sources. This also adds PHP7's `random_bytes` as the first source. Fixes #10750
- Loading branch information