[wp-trac] [WordPress Trac] #43771: use wp_rand instead of mt_rand()

WordPress Trac noreply at wordpress.org
Sat Apr 14 15:39:38 UTC 2018


#43771: use wp_rand instead of mt_rand()
-------------------------+-----------------------------
 Reporter:  BjornW       |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:  trunk
 Severity:  normal       |   Keywords:  dev-feedback
  Focuses:               |
-------------------------+-----------------------------
 wp_rand() should be used instead of mt_rand() according to the docs:

 "WordPress uses wp_rand() in order to create hashes, passwords, and nonces
 that are far less predictable than the similar PHP native functions like
 rand() and mt_rand()." Source:
 [https://developer.wordpress.org/reference/functions/wp_rand/]

 I wonder if it would be better to use SHA1 instead of MD5 as well?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43771>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list