====== PHP RFC: Remove MCRYPT_RAND (Formerly: Deprecate MCRYPT_RAND) ======
  * Version: 0.2
  * Date: 2014-07-08
  * Author: Scott Arciszewski, scott@arciszewski.me
  * Status: Obsoleted by [[rfc/mcrypt-viking-funeral]]
  * First Published at: http://wiki.php.net/rfc/deprecate_mcrypt_rand

===== Introduction =====
MCRYPT_RAND should removed from PHP 7.0 so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.


===== Proposal =====
The following changes should be made:
  * MCRYPT_RAND should be removed as of PHP 7.0.
  * With MCRYPT_RAND gone, mcrypt_create_iv() should transparently fall back to the default (currently MCRYPT_DEV_URANDOM)

===== Backward Incompatible Changes =====
The MCRYPT_RAND constant will be removed, and support for it will also be removed.

===== Proposed PHP Version(s) =====
This proposal should be considered for the PHP 7.0.

===== Proposed Voting Choices =====
Include these so readers know where you are heading and can discuss the proposed voting options.

State whether this project requires a 2/3 or 50%+1 majority (see [[voting]])

===== Patches and Tests =====
The patch (and a relevant discussion) is already on GitHub

===== References =====
  * https://github.com/php/php-src/pull/889 - Patch by sarciszewski
  * https://github.com/php/php-src/pull/579 - Original patch by yohgaki + discussion