From 2ff7ee6752cc505fd538a12e1a0c1709231961a8 Mon Sep 17 00:00:00 2001
From: Guy Marriott
Date: Thu, 1 Nov 2018 19:51:15 +1300
Subject: [PATCH 1/2] NEW Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly
---
 src/Security/RandomGenerator.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/Security/RandomGenerator.php b/src/Security/RandomGenerator.php
index b7279e0b6..89c223eb9 100644
--- a/src/Security/RandomGenerator.php
+++ b/src/Security/RandomGenerator.php
@@ -4,6 +4,7 @@ namespace SilverStripe\Security;
 use Error;
 use Exception;
+use SilverStripe\Dev\Deprecation;
 /**
 * Convenience class for generating cryptographically secure pseudo-random strings/tokens
@@ -13,9 +14,12 @@ class RandomGenerator
 /**
 * @return string A 128-character, randomly generated ASCII string
 * @throws Exception If no suitable CSPRNG is installed
+ * @deprecated 4.4:5.0
 */
 public function generateEntropy()
 {
+ Deprecation::notice('4.4', __METHOD__ . ' has been deprecated. Use random_bytes instead');
+
 try {
 return bin2hex(random_bytes(64));
 } catch (Error $e) {
@@ -38,9 +42,10 @@ class RandomGenerator
 *
 * @param string $algorithm Any identifier listed in hash_algos() (Default: whirlpool)
 * @return string Returned length will depend on the used $algorithm
+ * @throws Exception When there is no valid source of CSPRNG
 */
 public function randomToken($algorithm = 'whirlpool')
 {
- return hash($algorithm, $this->generateEntropy());
+ return hash($algorithm, random_bytes(64));
 }
 }
From 47fbaebb9239e68111d4336debe1f7e19b2bce0b Mon Sep 17 00:00:00 2001
From: Robbie Averill
Date: Tue, 6 Nov 2018 00:07:24 +1300
Subject: [PATCH 2/2] Alter deprecation version numbers
Co-Authored-By: ScopeyNZ
---
 src/Security/RandomGenerator.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Security/RandomGenerator.php b/src/Security/RandomGenerator.php
index 89c223eb9..02fff7df7 100644
--- a/src/Security/RandomGenerator.php
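Review bot: The deprecation message added to generateEntropy() points callers at `random_bytes`, which returns raw binary, while this method returns a 128-character hex string built with `bin2hex(random_bytes(64))`. A caller that follows the notice literally will start putting non-printable bytes wherever the hex string used to be stored or sent. I would spell the replacement out in the notice, e.g. `' has been deprecated. Use bin2hex(random_bytes(64)) instead'`, and repeat it after the version range on the `@deprecated` tag. The method body continues past the end of the hunk, so the handling inside `catch (Error $e)` is not visible here.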
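Review bot: The `$algorithm` doc on randomToken() still accepts any `hash_algos()` identifier, yet the token can be no stronger than the digest it is squeezed through: a checksum entry such as `crc32` or `adler32` reduces the 64 random bytes to a 32-bit value, which is far too short for a security token. Since this commit edits the docblock anyway, I would add a line such as `* Use a cryptographic digest (e.g. sha256 or the whirlpool default); checksum algorithms yield a short, guessable token`. Separately, the call no longer passes through generateEntropy()'s try/catch, whose body is outside this diff, so it is worth confirming that the new `@throws Exception` covers everything that wrapper used to surface. The docblock opens above the hunk.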
+++ b/src/Security/RandomGenerator.php
@@ -14,7 +14,7 @@ class RandomGenerator
 /**
 * @return string A 128-character, randomly generated ASCII string
 * @throws Exception If no suitable CSPRNG is installed
- * @deprecated 4.4:5.0
+ * @deprecated 4.4.0:5.0.0
 */
 public function generateEntropy()
 {