Deprecating the OpenSslRandomByteGenerator

Rican7 · Rican7 · commit a951f78814b5 · 2016-04-27T15:04:38.000-04:00
diff --git a/src/Robin/Ntlm/Crypt/Random/OpenSslRandomByteGenerator.php b/src/Robin/Ntlm/Crypt/Random/OpenSslRandomByteGenerator.php
@@ -15,6 +15,8 @@
  * "openssl" extension.
  *
  * @link http://php.net/openssl
+ * @deprectated NOTE! This implementation is deprecated, as it's been found to
+ *   be insecure. More info: https://github.com/robinpowered/php-ntlm/issues/7
  */
 class OpenSslRandomByteGenerator implements RandomByteGeneratorInterface
 {
@@ -25,9 +27,17 @@ class OpenSslRandomByteGenerator implements RandomByteGeneratorInterface
 
     /**
      * {@inheritDoc}
+     *
+     * @deprectated NOTE! This implementation is deprecated, as it's been found
+     *   to be insecure.
      */
     public function generate($size)
     {
+        trigger_error(
+            'This implementation is deprecated, as it can be insecure in some circumstances',
+            E_USER_DEPRECATED
+        );
+
         $generated = openssl_random_pseudo_bytes($size, $strong);
 
         if (false === $generated || strlen($generated) !== $size || false === $strong) {
