search

pedrosancao / php-otp

One-time password PHP implementation of HMAC-based algorithm according to RFC 4226 and RFC 6238 compatible with Google Authenticator.
https://packagist.org/packages/pedrosancao/php-otp
MIT License
15 stars 2 forks source link

composer dependencies #1

Open jnorell opened 2 years ago

jnorell commented 2 years ago

Hello,

I'm evaluating this for a simple TOTP implementation, and in looking at the composer dependencies, this requires php7.3 and also your php-random-data class, which itself uses mcrypt and hence is incompatible with php7.2 and above, where mcrypt was removed. Is that simply an error in the composer dependency, and this might actually work with php7.1 or lower?

Thanks...

jnorell commented 2 years ago

Sorry, was reading in too much hurry on too small of a screen, I now see that php-random-class does check if the mcrypt function exists and is effectively a wrapper for random_bytes() for php7.0 and up.

As the minimum php version in composer.json is 7.3, it might make more sense to just use random_bytes directly?

pedrosancao commented 1 year ago

Sorry for taking a long time to answer and thanks for your contribution.

I really didn't take a look on this lib since the initial release but this compatibility issue is crucial, tho I'd like to test myself before merging. Hope this won't take long.