no uniqid as a substitute of randomness #148

@pavetheway91

Hey

I just learned about those long overdue CVEs and this project got a new user and perhaps a new contributor too.

After a quick inspection, I found at least one additional issue, which you've addressed in PHP7+ (uniqid as a source of "randomness"). If you really, really, really still want to keep PHP5 supported, I'd like to suggest another solution for that, which is trying several things such as libsodium, /dev/urandom, CAPICOM etc. If it really turns out that there actually are systems without any of these, only then think about having a user-enableable option for some kind of a substitute. Shall I send a PR?
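
The fallback chain suggested in the post above, sketched as an added example that is not part of the original post or the project's code. The function name `example_secure_bytes` is hypothetical, PHP 5.3+ is assumed, and the `random_bytes()` first step is an assumption about how a PHP 7+ runtime would be served.

```php
<?php
// Added example: hypothetical helper, not the project's code.
// Returns $length bytes from the first working CSPRNG and throws if none
// is available. It never falls back to uniqid(), mt_rand() or similar.
function example_secure_bytes($length)
{
    $length = (int) $length;
    if ($length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer');
    }
    // 1. PHP 7+ built-in CSPRNG.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }
    // 2. libsodium through the PECL extension (namespaced 1.x API).
    if (function_exists('Sodium\\randombytes_buf')) {
        return call_user_func('Sodium\\randombytes_buf', $length);
    }
    // 3. /dev/urandom on Unix-like systems, read unbuffered.
    if (@is_readable('/dev/urandom') && ($fh = @fopen('/dev/urandom', 'rb'))) {
        if (function_exists('stream_set_read_buffer')) {
            stream_set_read_buffer($fh, 0);
        }
        $bytes = fread($fh, $length);
        fclose($fh);
        if (is_string($bytes) && strlen($bytes) === $length) {
            return $bytes;
        }
    }
    // 4. CAPICOM on Windows through the COM extension; GetRandom() with
    //    encoding type 0 returns base64 text.
    if (class_exists('COM', false)) {
        try {
            $util = new COM('CAPICOM.Utilities.1');
            $bytes = base64_decode((string) $util->GetRandom($length, 0));
            if (is_string($bytes) && strlen($bytes) === $length) {
                return $bytes;
            }
        } catch (Exception $e) {
            // CAPICOM not registered; fall through to the failure below.
        }
    }
    // No secure source found: fail closed instead of degrading silently.
    throw new RuntimeException('No secure random source available');
}
```

Every branch checks the returned length before accepting the bytes, so a short read or a failed decode moves on to the next source instead of yielding a truncated token.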
