Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94180
Return-Path: <php@fleshgrinder.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72042 invoked from network); 21 Jun 2016 19:59:44 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jun 2016 19:59:44 -0000
Authentication-Results: pb1.pair.com smtp.mail=php@fleshgrinder.com; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=php@fleshgrinder.com; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain fleshgrinder.com from 77.244.243.85 cause and error)
X-PHP-List-Original-Sender: php@fleshgrinder.com
X-Host-Fingerprint: 77.244.243.85 mx104.easyname.com  
Received: from [77.244.243.85] ([77.244.243.85:36480] helo=mx206.easyname.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3D/E4-43024-BAC99675 for <internals@lists.php.net>; Tue, 21 Jun 2016 15:59:39 -0400
Received: from cable-81-173-134-219.netcologne.de ([81.173.134.219] helo=[192.168.178.20])
	by mx.easyname.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.84_2)
	(envelope-from <php@fleshgrinder.com>)
	id 1bFRpe-0005Xf-Kv; Tue, 21 Jun 2016 19:59:34 +0000
Reply-To: internals@lists.php.net
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com>
 <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be>
 <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8e046aae-b87b-6c6d-da41-986f8ad9aa54@gmail.com>
 <57699446.1080905@lsces.co.uk>
To: Lester Caine <lester@lsces.co.uk>, internals@lists.php.net
Message-ID: <d2964153-4b38-3830-7140-26742d6df150@fleshgrinder.com>
Date: Tue, 21 Jun 2016 21:59:25 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <57699446.1080905@lsces.co.uk>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="d6sQN45ggXJsBoge7XnNgHGDSBHmbwo0A"
X-ACL-Warn: X-DNSBL-BARRACUDACENTRAL
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: php@fleshgrinder.com (Fleshgrinder)

--d6sQN45ggXJsBoge7XnNgHGDSBHmbwo0A
Content-Type: multipart/mixed; boundary="v7c5XMeK5Djo5LiKPu7mrem7XBmqLVAV4"
From: Fleshgrinder <php@fleshgrinder.com>
Reply-To: internals@lists.php.net
To: Lester Caine <lester@lsces.co.uk>, internals@lists.php.net
Message-ID: <d2964153-4b38-3830-7140-26742d6df150@fleshgrinder.com>
Subject: Re: [PHP-DEV] [RFC] RNG fixes
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com>
 <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be>
 <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8e046aae-b87b-6c6d-da41-986f8ad9aa54@gmail.com>
 <57699446.1080905@lsces.co.uk>
In-Reply-To: <57699446.1080905@lsces.co.uk>

--v7c5XMeK5Djo5LiKPu7mrem7XBmqLVAV4
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 6/21/2016 9:23 PM, Lester Caine wrote:
> Can someone explain why I should need 'crypto safe' random numbers when=

> ALL *I* use rand for is to give a random order to content items on the
> page. Something more in sync with the shuffle and array_rand without th=
e
> need to recode to actually use the array functions, or simply select an=

> entry at random from a list.
>=20

There are actually only two properties of an RNG that are of interest to
you and that is resource consumption and performance since you do not
rely on predictable sequences, a certain amount of randomness, nor
portability.

mt_rand() provided by PHP is the best choice here right now:

rand       =3D https://3v4l.org/nIIdb/perf#tabs
mt_rand    =3D https://3v4l.org/Wb3ZA/perf#tabs
random_int =3D https://3v4l.org/5SZHW/perf#tabs

But notice how super tiny the difference from random_int() to the others
is. Being a use'n'forget for almost all purposes (predictable sequences
is the only use case it does not cover). Especially note that
random_int() is pretty much as fast as rand() itself!

This led me to my initial question: why do we have so many random
functions in the first place?

Historical? Yes!

Needed?

--=20
Richard "Fleshgrinder" Fussenegger


--v7c5XMeK5Djo5LiKPu7mrem7XBmqLVAV4--

--d6sQN45ggXJsBoge7XnNgHGDSBHmbwo0A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXaZyhAAoJEOKkKcqFPVVr6zAQAMsX7DZg5sJYzG5mSv4mQ2nD
l1RyIHkMovZzX8922mBOxSnH2aonIQlhuQEe4Hh3+XHGBYvruwBlrl9LHKlVzE03
mOwj1qtXJl87A8wB1jd8l+UGBEuigPWb6i8hYCeRI4G5+l/g0ibpQhusHJstWlb1
gENcrP6RSoX8OgVX655TcrfIIIOWv9KHvVUoqbhzsLpFn3EkSVt3KA2ZzkgvliO0
tnahMttjRKr4Q9UO3P15YwcoFbN8y1TkfD3DdzpNPoSjHt0qtl/9IlLW6D9UOFKd
b1N4hyVJDSvWE2NaR9cYeiDsR4Uvb11L3UF6VCvuiVVM1nuT06VJNBjwwdxBF6/O
0Tjrxx3jFDz1NlMxSHgULYeEoqEv/ds0PbUbZlTTxCikUitEBEFAYADFRldbZ/ET
18HTMS2pQGsJF1jpQI/n2I+yCST3yKbZwTxl4dtjtGMnb+Udt/AfqdFdaWaL+iVh
UBxsGyZAoGHFsAcVRz/xkzTszllng7eY8k9YZOjMIIo66qhOf2QauQljOY8Cpu8M
/e7GLCpOS2oiY1lVY6oBvPzJFEHrKEUYp+RNtMc85e23rXtvfnPard62D/nYNnfe
u1xbu/hfM4FYlClGiFeOkJ9yvGBD+xclbu/Yl/vPSqftE6xfRca2UNrzUW6Wv1/d
MssUnmx1jinJfwqNFrVL
=Dm8B
-----END PGP SIGNATURE-----

--d6sQN45ggXJsBoge7XnNgHGDSBHmbwo0A--