RandomLib icon indicating copy to clipboard operation
RandomLib copied to clipboard
verified publisher icon ircmaxell

RandomLib vs. random_compat

Open adrienrn opened this issue 10 years ago • 6 comments

Hi,

First, thanks for your work!

One thing that I don't understand is the difference between your two projects :

  • https://github.com/ircmaxell/RandomLib
  • https://github.com/ircmaxell/random_compat ~~https://github.com/ircmaxell/password_compat~~

Which one should I use ?

RandomLib seems more maintained, object-oriented, depending on your SecurityLib and give more options like LowStrength / MediumStrengh (even if I kind of missed the difference between low and medium, but that must be a lack of knowledge regarding cryptography).

Thanks again, Adrien.

adrienrn avatar Aug 16 '15 21:08 adrienrn

@adrienrn The two projects are completely different and it depends on your use case. RandomLib is about generating random numbers and strings. password_compat is about providing compatibility with the password_* functions that ship with PHP 5.5 in the case that you need to work with earlier versions of PHP.

See:

  • http://php.net/manual/en/function.password-hash.php
  • http://php.net/manual/en/function.password-verify.php
  • http://php.net/manual/en/ref.password.php

In short, if you are dealing with creating and verifying password hashes, use password_compat. If you're using PHP 5.5+, you can just use these functions natively. If you need to generate random numbers or strings, use RandomLib.

If you can share more about what you are trying to do, I'm sure someone can provide more guidance. And if @ircmaxell disagrees what what I've written here (I'm only trying to help and get an answer to you quickly since I happen to be at my computer right now) he may have other things to say as to what the differences are but he'd probably still need to know more about what you're trying to do in order to better guide you. :)

simensen avatar Aug 16 '15 22:08 simensen

Arf, I made a mistake copy-and-pasting URL from the wrong tab, I was talking about random_compat : https://github.com/ircmaxell/random_compat

Thanks for the quick reply !

adrienrn avatar Aug 16 '15 22:08 adrienrn

@adrienrn OK! I think @ircmaxell will have to answer that question then. The nuances and subtle differences between those two packages I might not be able to help w/. :)

simensen avatar Aug 16 '15 22:08 simensen

I will be deprecating random_compat. Use either RandomLib or https://github.com/paragonie/random_compat (which is a php7 compatibility pack). Random_compat was more of an experiment.

ircmaxell avatar Aug 17 '15 19:08 ircmaxell

Why not port random_bytes() to PHP 5? – php-internals list.

tom-- avatar Oct 13 '15 00:10 tom--

How does this compare to https://github.com/ircmaxell/PHP-CryptLib#secure-random-numberstring-generation?

lboynton avatar Nov 04 '15 11:11 lboynton