
mcrypt 7.1 deprecated / 7.2+ removal


I have been following information on SO about generating random strings using mcrypt_create_iv() and have some example code over at 3v4l.org.

After reading the PHPWiki, all mcrypt_* functions will show a deprecated warning, but it does not specify what will be used in 7.2/8.0 that replaces these functions.

Since it states it will be removed in 7.2/8.0, what will be used to replace IVs?

I do not use this function in my software for encryption and decryption. I only use it for safe/retrieval of a unique string.


Solution

  • random_bytes()

    Although I imagine each PHP cryptography extension would provide its own version of a function to generate random data, like they currently do:

    That is simply because any cryptography API would be incomplete without access to a CSPRNG. In fact, mcrypt_create_iv() was added by the PHP developers for that same reason, while it is otherwise not part of libmcrypt.


    I only use it for safe/retrieval of a unique string.

    "Random" doesn't mean "unique". The former needs to be unpredictable, while the latter has to be unrepeatable.
    It is true that the chances of a collision decrease exponentially with each random byte you add to a string, but uniqueness is never 100% guaranteed.
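
The following is an added example, not code from the original question or answer: it replaces a mcrypt_create_iv() call with random_bytes() (PHP 7.0+) and enforces uniqueness separately from randomness. The function names and the $isTaken callback are hypothetical; in a real application a UNIQUE index on the stored column is the authoritative check.

```php
<?php
declare(strict_types=1);

// Replacement for mcrypt_create_iv($size, MCRYPT_DEV_URANDOM) on PHP 7.0+.
function random_token(int $bytes = 16): string
{
    if ($bytes < 1) {
        throw new InvalidArgumentException('Token length must be at least 1 byte');
    }
    // random_bytes() reads the OS CSPRNG and throws if no secure source is available.
    return bin2hex(random_bytes($bytes));
}

// Unpredictable is not the same as unrepeatable: uniqueness has to be checked
// against what was already issued. $isTaken is a hypothetical lookup callback.
function unique_token(callable $isTaken, int $bytes = 16, int $maxAttempts = 5): string
{
    for ($i = 0; $i < $maxAttempts; $i++) {
        $token = random_token($bytes);
        if (!$isTaken($token)) {
            return $token;
        }
    }
    throw new RuntimeException("No unused token found after $maxAttempts attempts");
}

// Constructed demo: 1-byte tokens (256 possible values) make collisions visible.
$issued = [];
$collisions = 0;
$isTaken = function (string $t) use (&$issued, &$collisions): bool {
    if (isset($issued[$t])) {
        $collisions++;
        return true;
    }
    return false;
};
for ($n = 0; $n < 100; $n++) {
    $issued[unique_token($isTaken, 1, 64)] = true;
}
printf("issued=%d distinct tokens, collisions retried=%d\n", count($issued), $collisions);

// With 16 bytes (128 bits) a collision is not expected in practice, but the check stays.
echo unique_token($isTaken), "\n";
```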