Hi internals team,
Work on a backport for random_bytes() and random_int() is nearly
finished. If php-src pull requests 1397 and 1398 are merged, then our
polyfill is 100% compatible even in failure conditions.
However, before I tag a v1.0.0 release, I'd greatly appreciate it if
more people would take a look at the code or test the implementation
so I can say, with sufficient confidence, that the library is secure,
reliable, and true to the PHP 7 implementation.
https://github.com/php/php-src/pull/1397
https://github.com/php/php-src/pull/1398
It's also on Packagist under paragonie/random_compat if that helps
anyone acquire it (and, once v1.0.0 is released, include it in your
projects easier).
Please share this with any crypto / security folks that might be
interested in reviewing it.
https://github.com/paragonie/random_compat/issues/11
Thanks,
Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com