Posted by Scott Arciszewski on Aug 12
Hi Tom, FD readers,

The bug you are referring to was fixed in PHP 5.3.7; this can be
solved by checking the PHP version and/or by not supporting older and
insecure versions of PHP.

See random_compat for how this should be done:
https://github.com/paragonie/random_compat/blob/master/lib/random.php#L53

Let’s quantify these numbers:

* mt_rand()
  * Predictable, only up to 31 bits of entropy in the possible seed values
*…