CakeDC · steinkel · Apr 12, 2026 · Apr 11, 2026 · Apr 11, 2026
diff --git a/src/Traits/RandomStringTrait.php b/src/Traits/RandomStringTrait.php
@@ -26,8 +26,6 @@ public function randomString($length = 10)
         if (!is_numeric($length) || $length <= 0) {
             $length = 10;
         }
-        $string = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-
-        return substr(str_shuffle($string), 0, $length);
+        return substr(bin2hex(random_bytes((int)ceil($length / 2))), 0, $length);
     }
 }
diff --git a/tests/TestCase/Traits/RandomStringTraitTest.php b/tests/TestCase/Traits/RandomStringTraitTest.php
@@ -33,18 +33,21 @@ public function tearDown(): void
         parent::tearDown();
     }
 
-    public function testRandomString()
+    public function testRandomStringLength()
     {
-        $result = $this->Trait->randomString();
-        $this->assertEquals(10, strlen($result));
-
-        $result = $this->Trait->randomString(30);
-        $this->assertEquals(30, strlen($result));
+        $this->assertSame(10, strlen($this->Trait->randomString()));
+        $this->assertSame(30, strlen($this->Trait->randomString(30)));
+        $this->assertSame(10, strlen($this->Trait->randomString('-300')));
+        $this->assertSame(10, strlen($this->Trait->randomString('text')));
+    }
 
-        $result = $this->Trait->randomString('-300');
-        $this->assertEquals(10, strlen($result));
+    public function testRandomStringUsesSecureRandomness()
+    {
+        $first = $this->Trait->randomString(32);
+        $second = $this->Trait->randomString(32);
 
-        $result = $this->Trait->randomString('text');
-        $this->assertEquals(10, strlen($result));
+        $this->assertNotSame($first, $second);
+        $this->assertMatchesRegularExpression('/^[0-9a-f]+$/', $first);
+        $this->assertMatchesRegularExpression('/^[0-9a-f]+$/', $second);
     }
 }