Deprecate random_string basic/md5/sha1

Deprecate random_string basic/md5/sha1 - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=31)
+--- Thread: Deprecate random_string basic/md5/sha1 (/showthread.php?tid=87026)

Pages: 1 2

Deprecate random_string basic/md5/sha1 - kenjis - 03-06-2023

Is anyone using the following types of random_string()?

Quote:basic: A random number based on mt_rand() (length ignored).
md5: An encrypted random number based on md5() (fixed length of 32).
sha1: An encrypted random number based on sha1() (fixed length of 40).
https://codeigniter4.github.io/CodeIgniter4/helpers/text_helper.html#random_string

As you know, these values are cryptographically insecure.
I personally do not understand the use case.
I suggest that they be deprecated.

RE: Deprecate random_string basic/md5/sha1 - InsiteFX - 03-06-2023

No, I quit using them a while back because like you say they are insecure.

RE: Deprecate random_string basic/md5/sha1 - ozornick - 03-08-2023

I use "crypto" and "alnum" for generate tokens string. Just random string (w/o security context)

RE: Deprecate random_string basic/md5/sha1 - kenjis - 03-09-2023

crypto is secure. alnum is not secure now, but I'm going to make it secure.

RE: Deprecate random_string basic/md5/sha1 - superior - 03-09-2023

In the past i've used this for generating hash to compare with payments.
Now using the hash_hmac() and hash_equals() for that, so the above is not being used by me anymore.

RE: Deprecate random_string basic/md5/sha1 - tgix - 03-09-2023

+1 for alnum, but we are migrating towards ULID

RE: Deprecate random_string basic/md5/sha1 - kenjis - 03-09-2023

(03-09-2023, 02:44 AM)tgix Wrote: +1 for alnum, but we are migrating towards ULID

What do you mean by +1 for alnum?

My proposal is to make basic/md5/sha1 deprecated.

RE: Deprecate random_string basic/md5/sha1 - tgix - 03-09-2023

(03-09-2023, 02:49 AM)kenjis Wrote:
(03-09-2023, 02:44 AM)tgix Wrote: +1 for alnum, but we are migrating towards ULID

What do you mean by +1 for alnum?

My proposal is to make basic/md5/sha1 deprecated.

OK, I quickly read it as deprecating random_string().

RE: Deprecate random_string basic/md5/sha1 - kenjis - 03-17-2023

Updated the docs:
https://codeigniter4.github.io/CodeIgniter4/helpers/text_helper.html#random_string

RE: Deprecate random_string basic/md5/sha1 - kenjis - 03-20-2023

I sent a PR: https://github.com/codeigniter4/CodeIgniter4/pull/7363