On 10/14/2012 01:11 AM, Daniel Friesen wrote:
((That %1 is from the fact that if you have no access to urandom or are on old php, no mcrypt random, and no openssl random we do use $wgSecretKey as a very small source of entropy, but it's of barely any value most of our entropy comes from clock drift in that case.))
Looks like 0.001% to me.
Except extensions use $wgSecretKey too.
—Victor.