[wp-trac] [WordPress Trac] #43771: use wp_rand instead of mt_rand()
WordPress Trac
noreply at wordpress.org
Sat Apr 14 15:39:38 UTC 2018
#43771: use wp_rand instead of mt_rand()
-------------------------+-----------------------------
Reporter: BjornW | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords: dev-feedback
Focuses: |
-------------------------+-----------------------------
wp_rand() should be used instead of mt_rand() according to the docs:
"WordPress uses wp_rand() in order to create hashes, passwords, and nonces
that are far less predictable than the similar PHP native functions like
rand() and mt_rand()." Source:
[https://developer.wordpress.org/reference/functions/wp_rand/]
I wonder if it would be better to use SHA1 instead of MD5 as well?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43771>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list