From 18cd815f286e9735038d177272776b7da3d7d738 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 28 May 2018 10:43:41 +0200 Subject: [PATCH] Don't recommend base64 encoding of random_bytes result --- components/security/secure_tools.rst | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/components/security/secure_tools.rst b/components/security/secure_tools.rst index 16a2c5256f8..a9d6e0fec3a 100644 --- a/components/security/secure_tools.rst +++ b/components/security/secure_tools.rst @@ -41,9 +41,8 @@ the number bytes passed as an argument (10 in the above example). The ``random_bytes()`` function returns a binary string which may contain the ``\0`` character. This can cause trouble in several common scenarios, such as storing this value in a database or including it as part of the - URL. The solution is to encode or hash the value returned by - ``random_bytes()`` (to do that, you can use a simple ``base64_encode()`` - PHP function). + URL. The solution is to hash the value returned by ``random_bytes()`` with + a hashing function such as :phpfunction:`md5` or :phpfunction:`sha1`. Generating a Secure Random Number ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
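Review bot: The two added lines in the ``@@ -41,9 +41,8 @@`` hunk replace "encode or hash" with hashing only and name :phpfunction:`md5` and :phpfunction:`sha1`, which drops the lossless option and caps the token at 128 or 160 bits no matter how many bytes were requested from ``random_bytes()``. Neither the new text nor the commit message says why base64 is no longer recommended; if the reason is that its ``+``, ``/`` and ``=`` characters are awkward in URLs, say so and suggest :phpfunction:`bin2hex`, which removes the ``\0`` problem without discarding any of the random value. If hashing stays, state that it is the default hexadecimal output of these functions that makes the result safe for a database or URL (the raw-output mode would still be binary), and consider ``hash('sha256', ...)`` so the security documentation does not present MD5 and SHA-1 as the go-to choices.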