paragonie/random_compat

random_compat is a backward-compatibility library that provides cryptographically secure random number generation functions for PHP 5.x environments. It delivers the random_bytes() and random_int() functions that are natively available in PHP 7+, enabling legacy applications to generate secure random bytes and unbiased integers from system entropy sources.

The library implements a priority-based fallback chain across operating-system CSPRNGs, selecting the best available random source in order of security. It uses rejection sampling to convert raw random bytes into unbiased integers within arbitrary ranges, eliminating modulo bias. When no secure random source is available, the library throws explicit exceptions to make failure modes clear to developers.

The polyfill defines its functions only when the native PHP 7+ equivalents are absent, preventing redeclaration errors in mixed-version environments. It wraps multiple OS-level random number generators behind a unified interface, hiding platform-specific differences from callers. The library exposes procedural functions that internally delegate to static class methods, maintaining PHP 5.x compatibility without breaking modern call patterns.