In response to some people claiming that using a CSPRNG is "going way overboard" and/or is "overkill", I've written this test to verify the performance impact of using a CSPRNG versus their insecure mt_rand()-based hacks.
I think the results are conclusive (at least on my device): a 50% speed increase, in addition to less-predictable randomness.
If anyone would like to suggest a benchmark script (or conditions that lead to different results from mine), let me know and I will link to them here.
Just tested on PHP7 minus mcrypt for reasons of it not being in my Docker for PHP7 (I think it's deprecated).
I ran it multiple times; looks like the numbers are pretty solid, very little difference. Very old quad core inside a Docker environment.