[wp-trac] [WordPress Trac] #28633: Generate better random numbers

WordPress Trac noreply at wordpress.org
Fri Feb 13 02:27:10 UTC 2015

#28633: Generate better random numbers
 Reporter:  sarciszewski             |       Owner:
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Security                 |     Version:  trunk
 Severity:  major                    |  Resolution:
 Keywords:  needs-testing has-patch  |     Focuses:

Comment (by jeremyfelt):

 Replying to [comment:27 sarciszewski]:
 > If we expose an insecure method as "very random", it may lead to bad
 habits propagating into the next generation.
 > I learned how to use MySQL from PHP by reading the source code in nulled
 copies of Invision Power Board circa 2002.

 Absolutely. Improved documentation to clarify code is always good. The
 "very random" in this case is—or I read it as— tongue in cheek in the
 context of the surrounding code, though it could be updated.

 The `md5()` approach itself doesn't really need to be made more complex as
 security is not a factor here.

Ticket URL: <https://core.trac.wordpress.org/ticket/28633#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list