Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:80403 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 63798 invoked from network); 12 Jan 2015 01:31:58 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 12 Jan 2015 01:31:58 -0000 Authentication-Results: pb1.pair.com smtp.mail=ajf@ajf.me; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ajf@ajf.me; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ajf.me designates 192.64.116.207 as permitted sender) X-PHP-List-Original-Sender: ajf@ajf.me X-Host-Fingerprint: 192.64.116.207 imap2-2.ox.privateemail.com Received: from [192.64.116.207] ([192.64.116.207:40655] helo=imap2-2.ox.privateemail.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 07/F5-34383-D0423B45 for ; Sun, 11 Jan 2015 20:31:58 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.privateemail.com (Postfix) with ESMTP id 527478C0069; Sun, 11 Jan 2015 20:31:54 -0500 (EST) X-Virus-Scanned: Debian amavisd-new at imap2.ox.privateemail.com Received: from mail.privateemail.com ([127.0.0.1]) by localhost (imap2.ox.privateemail.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id H3_OcN3jaQmX; Sun, 11 Jan 2015 20:31:54 -0500 (EST) Received: from oa-res-26-240.wireless.abdn.ac.uk (oa-res-26-240.wireless.abdn.ac.uk [137.50.26.240]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.privateemail.com (Postfix) with ESMTPSA id 1E6158C0009; Sun, 11 Jan 2015 20:31:52 -0500 (EST) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) In-Reply-To: <54B32145.80501@gmail.com> Date: Mon, 12 Jan 2015 01:31:50 +0000 Cc: Jordi Boggiano , Yasuo Ohgaki , PHP Internals List Content-Transfer-Encoding: quoted-printable Message-ID: References: <54B30DB9.3000003@seld.be> <76B8D342-43E7-42E6-AD82-FCF7C5CA8658@ajf.me> <54B31D77.9010100@gmail.com> <976B7B2E-7BC9-4514-ABF3-C0DA3ED98897@ajf.me> <54B32145.80501@gmail.com> To: Stanislav Malyshev X-Mailer: Apple Mail (2.1993) Subject: Re: [PHP-DEV] rand(), mt_rand() and limits From: ajf@ajf.me (Andrea Faulds) Hi, > On 12 Jan 2015, at 01:20, Stanislav Malyshev = wrote: >=20 >> The manual explicitly guarantees that code should not rely on the >> random number generator being predictable. >=20 > Where exactly does it say that? The only note I've found is this: > http://php.net/manual/en/function.mt-srand.php >=20 > 5.2.1 The Mersenne Twister implementation in PHP now uses a new = seeding > algorithm by Richard Wagner. Identical seeds no longer produce the = same > sequence of values they did in previous versions. This behavior is not > expected to change again, but it is considered unsafe to rely upon it > nonetheless. >=20 > Which just says we could change PRNG behavior between versions, and > nothing about PRNG not being predictable. It says it=92s unsafe to rely upon the behaviour of seeding. Also, FWIW, anyone who used the Suhosin patch couldn=92t use srand() = because it disabled it. >> If people want their existing code to continue to work, we could of >> course allow this new API to support the C stdlib rand() as an >> algorithm for BC reasons. But such code was never supposed to work in >> this first place. >=20 > If it works, breaking it should have a very good reason. I don't see = any > reason to break srand(). Because if we don=92t break it, people will continue to rely on it, and = this binds our hands for future versions.=20 Also, those people will have their code break anyway if they upgrade = their OS and it changes its random number generator. Just because people do rely on it doesn=92t mean they should or that we = should continue to allow them to. -- Andrea Faulds http://ajf.me/