The md5(), sha1() and sha256() generators are documented to return a random MD5, SHA-1 or SHA-256 hash respectively. This is technically true, but at the same time it's also misleading, because the functions are unable to leverage the full output space of the respective hashes the way they're written. They don't return a random hash; they return the hash of a random 32-bit integer, which is something entirely different.
I'm skipping the remainder of the template, because the issue is evident by looking at the code:
Possible solution:
Replace the implementation by bin2hex(random_bytes($bytes)) with $bytes being 16, 20 and 32 to make use of the entire output space [1]. But even then it would be slightly misleading, because hexadecimal is just one possible encoding for a 128/160/256-bit integer. Returning raw bytes or base64 encoding would also be valid representations that are actually used in practice in the context of a cryptographic hash.
[1] With PHP 8.2 use Randomizer::getBytes().
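To make the output-space point in the issue above concrete, the following PHP sketch is an added example, not code from Faker or from the issue author. hashOfRandomInt(), randomMd5Hex(), findIntegerPreimage() and distinctOutputs() are hypothetical helpers, and the input space is reduced to 16 bits (an assumption so the loop finishes quickly) instead of the 32 bits the issue mentions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the pattern the issue describes: the hash of a
// random integer. $bits is reduced so the demonstration finishes quickly.
function hashOfRandomInt(int $bits): string
{
    return md5((string) random_int(0, (1 << $bits) - 1));
}

// The replacement proposed in the issue: 16 random bytes, hex encoded.
function randomMd5Hex(): string
{
    return bin2hex(random_bytes(16));
}

// Returns the integer whose MD5 equals $hex, or null if none exists in the
// searched space. A hit proves the value came from the small input space.
function findIntegerPreimage(string $hex, int $bits): ?int
{
    $limit = 1 << $bits;
    for ($i = 0; $i < $limit; $i++) {
        if (hash_equals(md5((string) $i), $hex)) {
            return $i;
        }
    }
    return null;
}

// Counts distinct outputs over $draws calls; repeats expose a small space.
function distinctOutputs(callable $generator, int $draws): int
{
    $seen = [];
    for ($i = 0; $i < $draws; $i++) {
        $seen[$generator()] = true;
    }
    return count($seen);
}

$bits = 16; // constructed: 65,536 possible inputs instead of 2^32
$weak = hashOfRandomInt($bits);
$full = randomMd5Hex();

printf("hash of random int: %s -> input %s\n", $weak, var_export(findIntegerPreimage($weak, $bits), true));
printf("random_bytes(16)  : %s -> input %s\n", $full, var_export(findIntegerPreimage($full, $bits), true));
printf("distinct values in 20000 draws: %d vs %d\n",
    distinctOutputs(fn () => hashOfRandomInt($bits), 20000),
    distinctOutputs('randomMd5Hex', 20000));
```

Test fixtures built on the first pattern can collide and never exercise most of the hash's value range, which matters when the fake hashes feed uniqueness constraints or deduplication logic.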
The functions return hexadecimal characters, thus the output from random_bytes() needs to be hex encoded.
I don't see why. Miscellaneous::md5, Miscellaneous::sha1 and Miscellaneous::sha256 return hexadecimal characters independently of their parameter/input.
Code referenced in the issue: Faker/src/Faker/Provider/Miscellaneous.php, lines 245 to 273 in 57e1f99