Welcome Guest, Not a member yet? Register   Sign In
Deprecate random_string basic/md5/sha1
#1

(This post was last modified: 03-09-2023, 02:55 AM by kenjis.)

Is anyone using the following types of random_string()?

Quote:basic: A random number based on mt_rand() (length ignored).
md5: An encrypted random number based on md5() (fixed length of 32).
sha1: An encrypted random number based on sha1() (fixed length of 40).
https://codeigniter4.github.io/CodeIgnit...dom_string

As you know, these values are cryptographically insecure.
I personally do not understand the use case.
I suggest that they be deprecated.
Reply
#2

No, I quit using them a while back because like you say they are insecure.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

I use "crypto" and "alnum" for generate tokens string. Just random string (w/o security context)
Reply
#4

crypto is secure. alnum is not secure now, but I'm going to make it secure.
Reply
#5

(This post was last modified: 03-09-2023, 01:00 AM by superior.)

In the past i've used this for generating hash to compare with payments.
Now using the hash_hmac() and hash_equals() for that, so the above is not being used by me anymore.
Reply
#6

+1 for alnum, but we are migrating towards ULID
Reply
#7

(03-09-2023, 02:44 AM)tgix Wrote: +1 for alnum, but we are migrating towards ULID

What do you mean by +1 for alnum?

My proposal is to make basic/md5/sha1 deprecated.
Reply
#8

(03-09-2023, 02:49 AM)kenjis Wrote:
(03-09-2023, 02:44 AM)tgix Wrote: +1 for alnum, but we are migrating towards ULID

What do you mean by +1 for alnum?

My proposal is to make basic/md5/sha1 deprecated.

OK, I quickly read it as deprecating random_string().
Reply
#9

Updated the docs:
https://codeigniter4.github.io/CodeIgnit...dom_string
Reply
#10

I sent a PR: https://github.com/codeigniter4/CodeIgniter4/pull/7363
Reply




Theme © iAndrew 2016 - Forum software by © MyBB