7 Comments
Feb 18, 2023 · Liked by Stephen Rees-Carter

Along this same line, it might be worth mentioning this recent patch to the Str::random() function that fixes a previous bias towards certain letters due to the use of base64 encoding:

https://github.com/laravel/framework/pull/45916

And when I was reading this article, I checked the implementation that you linked for the new Str::password and I thought it was done in a really clever way. However, it got me wondering how random_int (the built-in PHP function) avoids biasing certain numbers when the size of the range of numbers is not a power of 2. And that brought me to this article below that was an interesting read:

https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/

Note, the built-in PHP function does seem to acknowledge and mitigate modulo biasing:

https://github.com/php/php-src/blob/php-8.2.3/ext/random/random.c#L124-L142

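The modulo-bias problem the comment above raises, and the rejection-sampling mitigation it points to, as an added illustration (not code from the post, from Laravel's Str helpers, or from PHP's random.c): a toy 3-bit source is folded onto a range of size 6, first with a plain modulo and then by rejecting the source values that would make some outputs more likely. Every source value is enumerated, so the counts are the exact output distribution; the 3-bit source and the range sizes are assumptions chosen to keep the arithmetic visible.

```python
"""Modulo bias vs. rejection sampling, shown by exhaustive enumeration.

Constructed illustration: a source emitting equally likely BITS-bit
values is mapped onto [0, n). Counting each output over *all* source
values gives the exact distribution without any randomness in the demo.
"""
from collections import Counter
from typing import Callable, Optional

BITS = 3                      # assumed toy source: 3-bit values 0..7
SOURCE_MAX = (1 << BITS) - 1  # 7


def mod_sample(v: int, n: int) -> int:
    """Biased mapping: fold the source value onto [0, n) with a modulo.
    When 2**BITS is not a multiple of n, the low outputs get an extra hit."""
    return v % n


def rejection_sample(v: int, n: int) -> Optional[int]:
    """Unbiased mapping: accept v only if it lies below the largest multiple
    of n that fits in the source range; otherwise signal 'draw again'."""
    limit = (SOURCE_MAX + 1) - ((SOURCE_MAX + 1) % n)  # n=6 -> 6, n=4 -> 8
    return v % n if v < limit else None


def exact_distribution(sampler: Callable[[int, int], Optional[int]], n: int) -> dict:
    """Enumerate every equally likely source value and count each output.
    A None key counts the draws the sampler rejected."""
    return dict(Counter(sampler(v, n) for v in range(SOURCE_MAX + 1)))


def unbiased_int(n: int, draw: Callable[[], int]) -> int:
    """The retry loop a CSPRNG-backed integer API runs: draw, reject, repeat.
    `draw` stands in for a call that returns one fresh source value."""
    while True:
        out = rejection_sample(draw(), n)
        if out is not None:
            return out


if __name__ == "__main__":
    # Range of 6 out of 8 source values: modulo favours 0 and 1, rejection does not.
    print("modulo   :", exact_distribution(mod_sample, 6))
    print("rejection:", exact_distribution(rejection_sample, 6))
    # Power-of-two range: 8 is a multiple of 4, so nothing is ever rejected.
    print("pow2     :", exact_distribution(rejection_sample, 4))
```

The rejection loop costs at most a few extra draws on average (here 2 of 8 source values are discarded), which is the price paid for every output being equally likely.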