The goal of Symfony's SecureRandom class is to generate secure random numbers. Several strategies are used depending on PHP's configuration. On PHP installations where the random_bytes() function is not available, Symfony falls back to using openssl_random_pseudo_bytes(). If that does not work, Symfony generates a secure random number using uniqid() and mt_rand(), which are not suitable for cryptographic contexts.

External references:
https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
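The fallback chain described above, written to fail closed instead of dropping to uniqid() and mt_rand(). This is an added example, not Symfony's code or its patch; the function name strictRandomBytes() is hypothetical, and the code avoids PHP 7 syntax so that it also runs on installations where random_bytes() is missing.

```php
<?php
/**
 * Hypothetical helper (the name is an assumption, not a Symfony API).
 * Returns $length bytes from a CSPRNG or throws; it never falls back
 * to uniqid()/mt_rand().
 */
function strictRandomBytes($length)
{
    if (!is_int($length) || $length < 1) {
        throw new InvalidArgumentException('Length must be a positive integer.');
    }

    // Preferred source: random_bytes() (PHP 7+), which throws on failure.
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }

    // Second choice: OpenSSL, accepted only when it reports a strong result.
    if (function_exists('openssl_random_pseudo_bytes')) {
        $strong = false;
        $bytes = openssl_random_pseudo_bytes($length, $strong);
        if ($bytes !== false && $strong === true) {
            return $bytes;
        }
    }

    // No secure source worked: refuse rather than return guessable output.
    throw new RuntimeException('No cryptographically secure random source available.');
}

// Caller side: treat the exception as fatal for the security operation
// instead of substituting a weaker generator.
try {
    $token = bin2hex(strictRandomBytes(16)); // 32 hex characters
    echo 'token length: ' . strlen($token) . PHP_EOL;
} catch (Exception $e) {
    error_log('Token generation refused: ' . $e->getMessage());
    exit(1);
}
```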
Created php-symfony tracking bugs for this issue: Affects: epel-6 [bug 1340831]
All dependent bugs closed.