Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72779 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 11699 invoked from network); 23 Feb 2014 23:01:50 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Feb 2014 23:01:50 -0000 Authentication-Results: pb1.pair.com smtp.mail=me@rouvenwessling.de; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=me@rouvenwessling.de; sender-id=pass Received-SPF: pass (pb1.pair.com: domain rouvenwessling.de designates 5.35.242.46 as permitted sender) X-PHP-List-Original-Sender: me@rouvenwessling.de X-Host-Fingerprint: 5.35.242.46 rouvenwessling.de Linux 2.6 Received: from [5.35.242.46] ([5.35.242.46:51326] helo=lvps5-35-242-46.dedicated.hosteurope.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BA/76-57053-DDD7A035 for ; Sun, 23 Feb 2014 18:01:50 -0500 Received: by lvps5-35-242-46.dedicated.hosteurope.de (Postfix, from userid 5001) id 2CAD569F14A6; Mon, 24 Feb 2014 00:01:47 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on lvps5-35-242-46.dedicated.hosteurope.de X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, HTML_MESSAGE autolearn=unavailable version=3.3.1 Received: from rouvens-air-7.localdomain (xdsl-85-197-12-214.netcologne.de [85.197.12.214]) by lvps5-35-242-46.dedicated.hosteurope.de (Postfix) with ESMTPA id 2845F69F149F; Mon, 24 Feb 2014 00:01:46 +0100 (CET) Content-Type: multipart/alternative; boundary="Apple-Mail=_A801C74F-E3E4-45E2-AE7A-94A117829609" Mime-Version: 1.0 (Mac OS X Mail 7.0 \(1822\)) In-Reply-To: Date: Mon, 24 Feb 2014 00:01:45 +0100 Cc: Stas Malyshev , Nikita Popov , PHP internals Message-ID: <050FCE90-536A-4F1B-BF7B-938BB6FA3F25@rouvenwessling.de> References: <530A5899.1050203@sugarcrm.com> To: Andrea Faulds X-Mailer: Apple Mail (2.1822) Subject: Re: [PHP-DEV] [PHP6] Merging rand and mt_rand() From: me@rouvenwessling.de (=?iso-8859-1?Q?Rouven_We=DFling?=) --Apple-Mail=_A801C74F-E3E4-45E2-AE7A-94A117829609 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On 23.02.2014, at 22:53, Andrea Faulds wrote: >=20 > On 23 Feb 2014, at 20:22, Stas Malyshev = wrote: >> I would say anybody who relies on RNG producing preset numbers is = asking >> for trouble. If you need mock RNG, mock it out, don't rely on >> undocumented properties of the system one. >> But then again, refactoring and unifying RNGs is not very urgent = thing >> and a good candidate to put in a major version. >=20 >=20 > What? PRNGs guarantee that for a given seed they will always produce = the same sequence. All sorts of things do and should rely on this. As far as rand() is concerned, this already doesn't work. As it's using = the system rand it might change behavior when changing to a different OS = for example. In this regards the change actually helps. That said, I think it's a very bad idea to use a non-random seed with = mt_srand() or srand() as a lot of code fall backs to them when no secure = alternative exists. Also some library may use them to decide things that = should actually be random. Maybe it would be a good idea to deprecate = those and not include them in PHP6? It's probably safer to provide a = dedicated sequence generator, than having people abuse our PRNGs. --Apple-Mail=_A801C74F-E3E4-45E2-AE7A-94A117829609--