Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94203
Return-Path: <fsb@thefsb.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 54298 invoked from network); 22 Jun 2016 14:23:22 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 22 Jun 2016 14:23:22 -0000
Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 108.166.43.91 as permitted sender)
X-PHP-List-Original-Sender: fsb@thefsb.org
X-Host-Fingerprint: 108.166.43.91 smtp91.ord1c.emailsrvr.com Linux 2.6
Received: from [108.166.43.91] ([108.166.43.91:44811] helo=smtp91.ord1c.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 1D/41-43024-95F9A675 for <internals@lists.php.net>; Wed, 22 Jun 2016 10:23:22 -0400
Received: from smtp4.relay.ord1c.emailsrvr.com (localhost.localdomain [127.0.0.1])
	by smtp4.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 1E24318033A;
	Wed, 22 Jun 2016 10:23:19 -0400 (EDT)
X-Auth-ID: fsb@thefsb.org
Received: by smtp4.relay.ord1c.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id E2FA318022B;
	Wed, 22 Jun 2016 10:23:18 -0400 (EDT)
X-Sender-Id: fsb@thefsb.org
Received: from yossy.local (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA)
	by 0.0.0.0:587 (trex/5.5.4);
	Wed, 22 Jun 2016 10:23:19 -0400
To: Lester Caine <lester@lsces.co.uk>, internals@lists.php.net
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com>
 <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be>
 <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8e046aae-b87b-6c6d-da41-986f8ad9aa54@gmail.com>
 <57699446.1080905@lsces.co.uk>
Message-ID: <1eac33b2-90ef-10a7-0595-5cc018a99921@thefsb.org>
Date: Wed, 22 Jun 2016 10:23:18 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0)
 Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <57699446.1080905@lsces.co.uk>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: fsb@thefsb.org (Tom Worster)

On 6/21/16 3:23 PM, Lester Caine wrote:

> Can someone explain why I should need 'crypto safe' random numbers when
> ALL *I* use rand for is to give a random order to content items on the
> page.

I cannot.


> Something more in sync with the shuffle and array_rand without the
> need to recode to actually use the array functions, or simply select an
> entry at random from a list.

Similarly, when I randomize the time before a daemon next wakes up, I 
don't think random_int() is appropriate. mt_rand() is entirely suitable. 
And upgrading to a more efficient RNG like PCG would be daft.

Tom