Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118349
Return-Path: <divinity76@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 63997 invoked from network); 4 Aug 2022 18:33:00 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 4 Aug 2022 18:33:00 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id D6B24180384
	for <internals@lists.php.net>; Thu,  4 Aug 2022 13:33:18 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT,
	FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
	SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <divinity76@gmail.com>
Received: from mail-ed1-f54.google.com (mail-ed1-f54.google.com [209.85.208.54])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu,  4 Aug 2022 13:33:18 -0700 (PDT)
Received: by mail-ed1-f54.google.com with SMTP id m8so1062963edd.9
        for <internals@lists.php.net>; Thu, 04 Aug 2022 13:33:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=Iwr88/L0/hEMv9w9oPU1W2aeQqZlMQYYMVSWE7TY8Lg=;
        b=csVdZ2k0gfxKu2prqV2c6bPHQ4lnwPQTJxkvDCPxhCJ5Wzbady2hs0jK7kPss680uo
         5nf8rvDttdBm0veyJmZKIQlAwUOlZ84foKpwoPKYtpthmNarQA71Gu/Tr9yqCyF2RbZf
         TqbyOw5mvSWmNcCurBQ0jDkgXYZT9bvip9XNy/bmK3uTvUWe+RKyEBlfm0O5/lj8p8nX
         CD7wAmUCkzI5nstxWK4J/EYp8DP8HeTfjgBchvkcKdQHK223So7y6krUG1e8KbSfzOeS
         rw5M7zC5CC/JZEz7+20yipdCJUN2ehxHuoUdahLJL4Lx+PCDC+OtPxmZhVkfX/IdfM+5
         vINQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=Iwr88/L0/hEMv9w9oPU1W2aeQqZlMQYYMVSWE7TY8Lg=;
        b=QOxW8Zr77mTdRbF/QU/mgJMGecfSzWKJc3wK5udPz3lZTZ9EP9DUDJJIy9ERCIjQlC
         fd1wRyI+e9sUuKelBRJkzu2xT+AHtbCJ3/c53EzxJfp7lJkp5BrzWav4m7RgaAlBsunt
         RH5GmSnIokEupIgmoJo2KI1NoB9yImOc04ITbRvV+oC5CJOYVZ3IOWCuquHq2a0ZK7Fg
         ohNBvJpyWNVocAVZhB5cZgczOJv0sscZz7oM6ZaBt0EaI9GCKv1PWcswBaUFEpB+JbzJ
         MvUdgsOnsJPbop6cRLK6pbzIlpRTTTXT01ZFxaLVKR2K5Y98OZSdNvahqPotxXt112Ln
         38xA==
X-Gm-Message-State: ACgBeo07WCt5W+9eYJrkcs1THPM/Oaf7D7FhdS0zl75DJJu7NAGQZQNz
	iis/C386NieMFXl5EXsYgNmY/xYpKnKfE5/N128=
X-Google-Smtp-Source: AA6agR4UHUi4DfmWid43ilfLp5d0HHNuNxoBVTtyctvXTOdw0Ey2TWeeSV6AyIOkqG/0X9tcQ0JNKRSZbsuBYPAd2PU=
X-Received: by 2002:a05:6402:35d6:b0:43d:c3b0:1206 with SMTP id
 z22-20020a05640235d600b0043dc3b01206mr3718568edc.415.1659645197283; Thu, 04
 Aug 2022 13:33:17 -0700 (PDT)
MIME-Version: 1.0
References: <157e4f6b6e96376e61194b9a358c87b02880ec28.camel@sandfox.me> <67f9981b-de29-2f83-cecf-08ea3c1199ae@bastelstu.be>
In-Reply-To: <67f9981b-de29-2f83-cecf-08ea3c1199ae@bastelstu.be>
Date: Thu, 4 Aug 2022 22:32:40 +0200
Message-ID: <CAJmy8YEGzTnr9=XxUTkWU9fcBOzs1x-dXNov1ks-EzfcQoUXtQ@mail.gmail.com>
To: =?UTF-8?Q?Tim_D=C3=BCsterhus?= <tim@bastelstu.be>
Cc: Anton Smirnov <sandfox@sandfox.me>, PHP Internals List <internals@lists.php.net>, 
	Go Kudo <zeriyoshi@gmail.com>
Content-Type: multipart/alternative; boundary="0000000000006ff5eb05e5704252"
Subject: Re: [PHP-DEV] xoshiro** edge case (all zeros)
From: divinity76@gmail.com (Hans Henrik Bergan)

--0000000000006ff5eb05e5704252
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

dangerous to be sure, but it's also a technically valid seed,
are you sure we should disallow a valid seed?

On Thu, 4 Aug 2022 at 20:33, Tim D=C3=BCsterhus <tim@bastelstu.be> wrote:

> Hi
>
> On 8/4/22 10:09, Anton Smirnov wrote:
> > xoshiro** has a known edge case: all-zero seed
>
> Indeed, good catch. I had that in mind, but forgot about it.
>
> > <?php
> >
> > $engine =3D new \Random\Engine\Xoshiro256StarStar(str_repeat("\0", 32))=
;
> >
> > while (true) {
> >      echo hex2bin($engine->generate()), PHP_EOL; // 0000000000000000
> > }
> >
> > It should be documented and/or handled
> >
> > It's only for a string seed, int seed is not affected
> >
>
> I've created a PR here:
>
> https://github.com/php/php-src/pull/9250
>
> I've opted to throw a ValueError in that case, as that's the only safe
> option that does not introduce a bias.
>
> The 32xNUL seed basically should only happen for manually written
> testing input and not happen otherwise. An actual random seed will
> result in 32 NUL bytes with just a 2**-256 chance and when relying on
> the implicit CSPRNG seeding (`null` as seed parameter) my PR will just
> retry to catch even that edge case.
>
> Best regards
> Tim D=C3=BCsterhus
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: https://www.php.net/unsub.php
>
>

--0000000000006ff5eb05e5704252--