OpenSSL is not as good as you think

Open rugk opened this issue 9 years ago • 1 comments

Also the non-pseudo mode is not as secure as you might think (so IMHO a "high" level is too much):

[... The] OpenSSL docs deprecate RAND_pseudo_bytes, but I wondered what is the actual difference between pseudo and non-pseudo.

  • RAND_pseudo_bytes gets the default rand method which is going to be RAND_SSLeay unless you have an exotic setup
  • Pseudo or not the same function is called with a final parameter to indicate "pseudo"
  • pseudo is only referenced once within this function, to suppress an error message. The function returns 1 or 0.
  • PHP only checks for a negative return value. This can only happen if there is no pseudo-random implementation, or the pseudo-random method is exotic
  • Other bundled engines also behave this way - Basically, the only way to get a negative return and for PHP to cry about weak crypto is if the pseudorandom function isn't implemented, and you get NO bytes at all from OpenSSL.

https://github.com/paragonie/random_compat/issues/6#issuecomment-119564973 /cc @lt

rugk, Oct 08 '16 20:10
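
Added example, not part of the issue thread and not RandomLib's own code: a PHP caller that rejects every failure signal `openssl_random_pseudo_bytes()` exposes, while treating the strength flag as necessary rather than sufficient, since the quoted analysis says it only turns false when OpenSSL delivers no bytes at all. The helper names `opensslBytesChecked` and `secureBytes` are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: read $n bytes from OpenSSL and fail closed on any
 * error signal PHP exposes for this call.
 */
function opensslBytesChecked(int $n): string
{
    if ($n < 1) {
        throw new InvalidArgumentException('length must be >= 1');
    }
    if (!function_exists('openssl_random_pseudo_bytes')) {
        throw new RuntimeException('ext-openssl is not loaded');
    }
    $strong = false;
    try {
        $buf = openssl_random_pseudo_bytes($n, $strong);
    } catch (Exception $e) {
        // PHP >= 7.4 throws here instead of returning false.
        throw new RuntimeException('OpenSSL RNG failed', 0, $e);
    }
    if ($buf === false || strlen($buf) !== $n) {
        throw new RuntimeException('OpenSSL RNG returned no or short output');
    }
    // Per the analysis quoted in this issue, the flag is only cleared in the
    // rare "no implementation" case, so true is not evidence of quality.
    // Still reject false: that is the one case PHP does report.
    if ($strong !== true) {
        throw new RuntimeException('OpenSSL reported a weak source');
    }
    return $buf;
}

/**
 * Hypothetical helper: prefer the OS CSPRNG via random_bytes() (native in
 * PHP 7+, polyfilled by paragonie/random_compat) and use OpenSSL only when
 * random_bytes() does not exist.
 */
function secureBytes(int $n): string
{
    if (function_exists('random_bytes')) {
        return random_bytes($n); // throws if no suitable source is available
    }
    return opensslBytesChecked($n);
}

echo bin2hex(secureBytes(16)), PHP_EOL;
```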

In https://github.com/paragonie/RandomLib this is downgraded from High to Medium for this and related reasons.

paragonie-scott, Oct 05 '17 22:10