
New WP – 2.6.2

A new version, and an interesting reason – PHP’s built-in random functions aren’t random enough.

While the values are good enough for most things, they are inadequate when used for cryptographic purposes (such as passwords). Because people try to hack blogs, there is enough incentive to guess again and again (called a brute-force attack). With enough clues as to how the random numbers are created, attackers can have an easier time.

Think of it this way – if you play “rock, paper, scissors” against a friend who always goes rock, then paper, then scissors, over and over again, you’ve gone from a 50/50 chance of winning to 100% chance – because you can predict the next move. And while normally random is random enough, in the high-stakes world of security, there are people who will use that edge.
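The same predictability in PHP, as an added example that is not WordPress code or part of the original post: a password built with `mt_rand()` is fully determined by the generator's state, while `random_int()` (PHP 7 and later) draws from the operating system's secure source. The function names, the alphabet and the seed value are assumptions made up for the illustration.

```php
<?php
// Added illustration; function names and the seed are hypothetical.
const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Weak: mt_rand() is a deterministic generator. Once its internal
// state is known, every later "random" choice is known too.
function weak_password(int $length = 12): string
{
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(ALPHABET, mt_rand(0, $max), 1);
    }
    return $out;
}

// Hardened: random_int() uses the OS cryptographic generator, so
// earlier outputs give no usable clue about later ones.
function strong_password(int $length = 12): string
{
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(ALPHABET, random_int(0, $max), 1);
    }
    return $out;
}

// Constructed demo: restoring the same state replays the same stream,
// which is the "rock, then paper, then scissors" player from the analogy.
$seed = 12345; // constructed sample value
mt_srand($seed);
$first = weak_password();
mt_srand($seed);
$replayed = weak_password();

echo "weak:     $first\n";
echo "replayed: $replayed\n";
echo "identical: " . ($first === $replayed ? 'yes' : 'no') . "\n";

// The secure version has no state a caller can set or replay.
echo "strong:   " . strong_password() . "\n";
```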

The good news: it’s a fair bit of effort to hack using this new info, so I doubt many blogs will have a problem except for some of the largest ones.

In any case, while not critical, it seems a worthwhile upgrade – if only to stop the nag screens!

As always, you can get the latest WP from their site, and if the details of the random issue interest you, you can read further here.
