[Tip#37] To celebrate the release of Laravel 10 this week, let's take a look at one of the new (security) features!
Along this same line, it might be worth mentioning this recent patch to the Str::random() function that fixes a previous bias towards certain letters due to the use of base64 encoding:
And when I was reading this article, I checked the implementation that you linked for the new Str::password and I thought it was done in a really clever way. However, it got me wondering how random_int (the built-in PHP function) avoids biasing certain numbers when the size of the range of numbers is not a power of 2. And that brought me to this article below that was an interesting read:
Note, the built-in PHP function does seem to acknowledge and mitigate modulo biasing:
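As an added illustration of the modulo bias discussed above (this is not code from the comment, from Laravel, or from PHP's `random_int` source): the sketch below counts exactly how unevenly `byte % 62` spreads the 256 possible byte values over a 62-character alphabet, then draws indices with rejection sampling, a standard way to remove that bias. The function names and the alphabet are hypothetical, chosen for this example.

```php
<?php
// Constructed 62-symbol alphabet; 62 is not a power of 2, so 256 % 62 != 0.
const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Reduce every possible byte value (0..255) with "% $n" and count the hits
// per index. The loop is exhaustive, so the histogram is exact, not sampled.
function moduloHistogram(int $n): array
{
    $hits = array_fill(0, $n, 0);
    for ($byte = 0; $byte < 256; $byte++) {
        $hits[$byte % $n]++;
    }
    return $hits;
}

// Largest multiple of $n that fits in one byte; bytes at or above it are redrawn.
function rejectionLimit(int $n): int
{
    return 256 - (256 % $n);
}

// Uniform index in [0, $n) for 1 <= $n <= 256, using CSPRNG bytes.
function uniformIndex(int $n): int
{
    if ($n < 1 || $n > 256) {
        throw new InvalidArgumentException('n must be between 1 and 256');
    }
    $limit = rejectionLimit($n);
    do {
        $byte = ord(random_bytes(1));
    } while ($byte >= $limit); // discard the tail that would favour low indices
    return $byte % $n;
}

// Build a string whose characters are each drawn without modulo bias.
function randomString(int $length): string
{
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[uniformIndex(strlen(ALPHABET))];
    }
    return $out;
}

$hits = moduloHistogram(62);
printf("naive %% 62: index 0 gets %d byte values, index 61 gets %d\n", $hits[0], $hits[61]);
printf("rejection sampling redraws bytes %d..255\n", rejectionLimit(62));
echo randomString(16), "\n";
```

Because 256 = 4 × 62 + 8, the naive reduction gives the first eight indices one extra byte value each; rejecting the top eight byte values leaves every index with the same number of ways to be chosen.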