Fix #6103

[zsturgess]

Q	A
Doc fix?	yes
New docs?	no
Applies to	>= 2.8
Fixed tickets	#6103

Re-written this page from talking about the deprecated SecureRandom class to talking about the random_bytes replacement.

[javiereguiluz]

Is polyfill word common enough to use it?

[zsturgess]

I would argue in the world of programming it is, but I'll happily replace with an alternative if desired. fail-safe? fallback?

[zsturgess]

Should I also mention that the polyfill is provided by the random_compat package, or leave it open?

[xabbuh]

What do you think if we didn't talk about the SecureRandom class in all versions of the docs given that the Symfony polyfills (as well as the paragonie/random-compat package) provide implementations for all supported PHP versions?

[zsturgess]

@xabbuh Whichever you think is better here.

I've placed against the 2.8 branch since that is when SecureRandom was deprecated and paragonie/random-compat was "introduced" as a dependency of the Security component.

Using it on older Symfony versions would require installing this as a dependency, which at that point isn't really documenting the Security component any more, but happy to amend this if that is what is desired.

[xabbuh]

Yeah, let's wait what the others think (maybe just adding a tip in older versions is enough).

[zsturgess]

@xabbuh Another question: How would you feel about renaming this page? The title is Generating a Secure random Number, but the article is really about Generating a Secure random String

Pardon my ignorance of the technology driving the docs here, but would I need to do anything more than change the title on this page?

[OskarStark]

Would write:

PHP 7 and up .... natively, for older versions we provide a polyfill.

polyfill should be a link to more information IMO

[zsturgess]

Changed the wording here, not exactly as per your suggestion, but to add more details. I've just linked to the github pages for now, when #6052 is complete, these links can be updated.

[OskarStark]

👍

[zsturgess]

@xabbuh Giving this a bump as, other than my title question above, I think this is just waiting on the docs team to decide about your idea for pre-2.8 versions.

[javiereguiluz]

I like the new doc a lot and I also like @xabbuh's proposal to "backport" these changes to older versions. Thanks @zsturgess.

[zsturgess]

@javiereguiluz Would you like me to change the base of this pull req to the 2.3 branch, or are you planning something a little different for those versions in a separate pull req?

[xabbuh]

@zsturgess Imo we can just make the changes here as general as possible, merge the changes into the 2.3 branch (we can switch the branch when merging) and maybe remove some unneeded stuff when merging branches up.

[zsturgess]

OK, I will add a "versionadded" hint to instruct users to add paragonie/random_compat as a dependancy on older versions.

Is there anything else you'd like? What do you think of my title proposal, above?

[xabbuh]

@zsturgess It makes sense to update the title with your suggestion.

[conradkleinespel]

Given that random_bytes is displayed PHP 7 only on php.net, I think having this page describe how to generate a random number is very good.

Coming from Symfony 2.8, upgrading to 3.0, I would have loved to see @zsturgess's changes. Would have saved me a few minutes of looking through the Security component changelog and figuring out that Symfony had a PHP 7 polyfill.

[zsturgess]

Thanks @conradkleinespel !

I think this PR is pretty much ready, @xabbuh mentioned changing the base when merging this PR, so I haven't altered it, but can change it to 2.3 if desired.

[xabbuh]

"a secure random" sounds incomplete to me. I suggest something like a Secure Random String.

[conradkleinespel]

People might search for "random number symfony" on search engines though. So it does make sense to me to keep "number" in there. Or else "a secure random string or number".

But either way, it would be good to have this merged as people move from 2.8 to 3.0. And maybe make a new PR with this change once we know what we want. Having PR merged is better than leaving the doc in the outdated state, even if this text is not perfect for everyone, IMO.

[zsturgess]

I've added documentation for random_int that should therefore address both of your concerns.

[xabbuh]

👍

[stof]

This should go in the 2.3 branch too, as we know include the polyfill in 2.3 too since the latest 2.3 release.

[stof]

md5 is actually a bad idea, as it would make the string less secure (due to md5 colisions). Using base64_encode (as done in Symfony for CSRF tokens) is a much better idea.

[javiereguiluz]

It's OK to use base64_encode, but I don't think "md5 collisions" is a good argument against MD5. According to this, the probability of a collision is around 2.7×10^-20.

[zsturgess]

I would personally use base64_encode if I were to do this, so I'm tempted to update this anyway. I didn't touch this originally to keep the diff small, but I think we're a little beyond that now :)

[zsturgess]

@stof How would you like to go about this. Shall I open a new PR, or would you like to switch the base when you merge? I'm wary that opening a new PR loses the chain of comments here. /cc @xabbuh

[xabbuh]

@zsturgess We can easily switch the branch when merging.

[zsturgess]

Thanks for all the help and comments, @stof @xabbuh - I believe all your concerns have now been addressed and this is ready for review again.

[wouterj]

Thank you for this PR & help @zsturgess! It's a lot better now.

I've merged your PR into the 2.3 branch with 932530f and did some minor formatting fixes in d6958d6. Thanks again!