Note: I have been asked to log all the security issues that I have found by an OWASP contributor to support the decision to abandon this project. My personal opinion is that all of the code in this repository is beyond repair and that it is not wise to attempt to fix it.
The mcrypt API results should be checked to see if there has been an error. If there has been, the functions should fail hard rather than mask the error as a success.
Note: I have been asked to log all the security issues that I have found by an OWASP contributor to support the decision to abandon this project. My personal opinion is that all of the code in this repository is beyond repair and that it is not wise to attempt to fix it.
The mcrypt API results should be checked to see if there has been an error. If there has been, the functions should fail hard rather than mask the error as a success.
https://github.com/OWASP/phpsec/blob/1999edc10a3b755ff2b17bb78376bd53dd40d192/libs/core/random.php#L120