Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: PRNG: Raise warning and/or provide better pseudo random generator?
From: scott@paragonie.com (Scott Arciszewski)
Date: Tue, 23 Feb 2016 09:36:10 -0500
To: Pierre Joye
Cc: Yasuo Ohgaki, internals@lists.php.net

On Tue, Feb 23, 2016 at 7:46 AM, Pierre Joye wrote:
> hi,
>
> On Tue, Feb 23, 2016 at 5:41 PM, Yasuo Ohgaki wrote:
>> Hi all,
>>
>> On Tue, Feb 23, 2016 at 6:30 AM, Yasuo Ohgaki wrote:
>>>
>>> We have an issue where pseudo random generators generate only odd/even
>>> numbers.
>>>
>>> https://bugs.php.net/bug.php?id=63174
>>> https://news.ycombinator.com/item?id=9941364
>>>
>>> We should raise E_WARNING/E_NOTICE if the user supplies a random number
>>> range where the generated random number cannot be random at least.
>>> Patch for rand/mt_rand:
>>> https://gist.github.com/yohgaki/1519f65dffd66735bafe
>>>
>>> It seems we need a more reliable (fool proof) pseudo random generator.
>>> Anyone working on this?
>>>
>>> We may extend rand()/mt_rand() so that they work with a larger range by
>>> calling the random generators multiple times. If this is implemented, the
>>> patch that raises errors is not required. The mt_rand() extension breaks
>>> compatibility with other MT rand implementations, but we already broke it.
>>> Therefore, it should not matter. (This was the reason why mt_rand() wasn't
>>> made to support 64bit int, IIRC)
>>>
>>> IMO, we should provide better pseudo random generators than now.
>>>
>>> Any comments?
>>
>> This is an edge case that produces odd/even numbers only.
>> https://3v4l.org/kYpAF
>> This is the worst case. The current implementation uses 32bit int for
>> generating random numbers, and any number that exceeds the range could be
>> biased because the result is computed by RAND_RANGE(), which uses
>> double for arithmetic. PHP allows huge min/max without any
>> warning/error under 64bit OS.
>>
>> Limiting the range can prevent this, and we can be sure rand()/mt_rand()
>> produce the same random numbers on both 32/64 bit platforms. (If rand()
>> uses the same algorithm, of course)
>> https://gist.github.com/yohgaki/1519f65dffd66735bafe
>> Valid range is limited to 2^31 according to the current implementation.
>>
>> Actual range could be determined by PHP_RAND_MAX/PHP_MT_RAND_MAX, but
>> I heard Windows' PHP_RAND_MAX is only 2^15. Is this correct? I don't
>> prefer to have a strict range error for these systems. I'll write a patch
>> that does not raise a warning for smaller PHP_RAND_MAX. It's an unreliable
>> pseudo random generator anyway. It should not matter much.
>>
>> Any comments on adding out of range warnings to rand()/mt_rand()? If
>> nobody has comments on this, I'll write an RFC for additional warnings.
>> Anyone prefer to extend rand()/mt_rand() for 64bit OSes?
>
> Thing is, the MT algorithm may not be designed to do that at all; it was
> designed for 32-bit integers. I won't be in favor of changing (again)
> the implementation without any safety about the results (safety means
> compliance or be even more different from the MT algorithms).
>
> Adding a warning when the given ranges are out of bounds sounds good, and
> reducing them to within the maximum range.
>
> I joined the other person proposing not to change anything else in our
> MT implementation as there is little to no benefit.
>
> If we need a pure implementation of one pseudo RNG or another, we can
> provide new implementations. But changing this one again may bring
> more trouble than what we are trying to solve.
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://www.libgd.org

If we're going to consider new non-cryptographic random number generators,
PCG is worth considering. ;)

http://www.pcg-random.org/

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises
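The odd/even bias Yasuo describes, and the two remedies the thread weighs (warn when the range exceeds the generator, or combine several draws and reduce without bias), as an added C example that is not PHP's source and not part of the thread. It assumes a stand-in 31-bit generator (a splitmix64 step truncated to 31 bits, chosen only so the demo is deterministic; it is not Mersenne Twister), reproduces the double-arithmetic scaling of PHP 5's RAND_RANGE macro as the quoted message describes it, and the function names `rand_range_double`, `rand_range_unbiased` and `range_exceeds_generator` are hypothetical. The rejection-sampling reduction is the general technique; it is not claimed to be what any PHP version shipped.

```c
#include <stdint.h>
#include <stdio.h>

/* PHP_MT_RAND_MAX: mt_rand() hands back 31 bits (the MT output shifted right by one). */
#define TMAX 0x7FFFFFFFu

/*
 * Deterministic 31-bit source standing in for mt_rand(). A splitmix64 step
 * truncated to its top 31 bits, constructed for a reproducible demo; it is
 * not Mersenne Twister and not PHP's code.
 */
static uint64_t g_state = 0x243F6A8885A308D3ull;

static void seed31(uint64_t seed) { g_state = seed; }

static uint32_t next31(void) {
    uint64_t z = (g_state += 0x9E3779B97F4A7C15ull);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
    z ^= z >> 31;
    return (uint32_t)(z >> 33);  /* keep the top 31 bits */
}

/*
 * The scaling the thread is about: one 31-bit draw stretched over the
 * requested range with double arithmetic, as the quoted RAND_RANGE() did.
 * Once max - min + 1 exceeds 2^31 the multiplier is >= 2, so the result
 * can only land on every second (or fourth, ...) integer: with the
 * range [0, 2^32 - 1] every output is exactly 2 * n, hence always even.
 * Arithmetic is done unsigned so a wide range does not overflow.
 */
static int64_t rand_range_double(uint32_t n, int64_t min, int64_t max) {
    double scale = (double)max - (double)min + 1.0;
    return (int64_t)((uint64_t)min + (uint64_t)(scale * (n / (TMAX + 1.0))));
}

/* The E_WARNING condition proposed in the thread: range wider than the generator can fill. */
static int range_exceeds_generator(int64_t min, int64_t max) {
    return ((uint64_t)max - (uint64_t)min) > TMAX;
}

/* Glue three 31-bit draws into 64 bits: 31 + 31 + 2. */
static uint64_t next64(void) {
    uint64_t a = next31(), b = next31(), c = next31();
    return (a << 33) | (b << 2) | (c & 3u);
}

/*
 * Unbiased reduction by rejection sampling: every value in [min, max] is
 * equally likely for any 64-bit range. A draw above the largest multiple
 * of the range size is discarded and redrawn instead of folded in.
 */
static int64_t rand_range_unbiased(int64_t min, int64_t max) {
    uint64_t umax = (uint64_t)max - (uint64_t)min;
    uint64_t r;
    if (umax == UINT64_MAX) {            /* whole 64-bit range: nothing to reduce */
        return (int64_t)((uint64_t)min + next64());
    }
    umax++;
    if ((umax & (umax - 1)) == 0) {      /* power of two: masking is exact */
        return (int64_t)((uint64_t)min + (next64() & (umax - 1)));
    }
    uint64_t limit = UINT64_MAX - (UINT64_MAX % umax) - 1;
    while ((r = next64()) > limit) {
        /* rejected: would bias the low residues, draw again */
    }
    return (int64_t)((uint64_t)min + r % umax);
}

/* How many of `draws` results are odd for the range [0, 2^32 - 1], per method. */
static int odd_count_double(int draws) {
    int odd = 0;
    seed31(1);
    for (int i = 0; i < draws; i++)
        odd += (int)(rand_range_double(next31(), 0, 4294967295LL) & 1);
    return odd;
}

static int odd_count_unbiased(int draws) {
    int odd = 0;
    seed31(1);
    for (int i = 0; i < draws; i++)
        odd += (int)(rand_range_unbiased(0, 4294967295LL) & 1);
    return odd;
}

/* Returns 1 if every draw of the rejection path stays inside [min, max]. */
static int all_in_range(int draws, int64_t min, int64_t max) {
    seed31(2);
    for (int i = 0; i < draws; i++) {
        int64_t v = rand_range_unbiased(min, max);
        if (v < min || v > max) return 0;
    }
    return 1;
}

int main(void) {
    printf("double scaling, range [0, 2^32-1]:  %d odd of 10000\n", odd_count_double(10000));
    printf("rejection sampling, same range:     %d odd of 10000\n", odd_count_unbiased(10000));
    printf("warn for mt_rand(0, 2^32-1)? %d\n", range_exceeds_generator(0, 4294967295LL));
    return 0;
}
```

The first count is zero no matter how good the underlying generator is, which is the point of the thread: the bias lives in the range reduction, not in MT. The second count sits near half, and `range_exceeds_generator` is the cheap check a warning could be keyed on if the reduction is left as is.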