Feb 18, 2023Liked by Stephen Rees-Carter

Along this same line, it might be worth mentioning this recent patch to the Str::random() function that fixes a previous bias towards certain letters due to the use of base64 encoding:


And when I was reading this article, I checked the implementation that you linked for the new Str::password and I thought it was done in a really clever way. However, it got me wondering how random_int (the built-in PHP function) avoids biasing certain numbers when the size of the range of numbers is not a power of 2. And that brought me to this article below that was an interesting read:


Note, the built-in PHP function does seem to acknowledge and mitigate modulo biasing:


Expand full comment