View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0022708||mantisbt||code cleanup||public||2017-04-11 05:53||2017-04-11 06:46|
|Summary||0022708: Remove usage of deprecated function mcrypt_create_iv|
Remove usage of deprecated function mcrypt_create_iv
mcrypt_create_iv is deprecated in PHP 7.1 
Warnings are generated, depending on operating system and setting error_reporting.
e.g. it seems that our first choice to use openssl_random_pseudo_bytes is typically not available on Windows 
|Tags||No tags attached.|
I did a quick research on this, and it appears that the use of openssl_random_pseudo_bytes() for crypto purposes is no longer recommended , and it's also worth mentioning that there's been a security issue with this function  (fixed in 5.6.12, 5.5.28, 5.4.44).
I would suggest that we change crypto_generate_random_string() to
We could also decide to bundle https://github.com/paragonie/random_compat for older PHP versions, this way we could further simplify the code in crypto_generate_random_string()