Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94225
Return-Path: <fsb@thefsb.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52642 invoked from network); 23 Jun 2016 13:18:43 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Jun 2016 13:18:43 -0000
Authentication-Results: pb1.pair.com header.from=fsb@thefsb.org; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=fsb@thefsb.org; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thefsb.org designates 173.203.187.123 as permitted sender)
X-PHP-List-Original-Sender: fsb@thefsb.org
X-Host-Fingerprint: 173.203.187.123 smtp123.iad3a.emailsrvr.com Linux 2.6
Received: from [173.203.187.123] ([173.203.187.123:49643] helo=smtp123.iad3a.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E2/A6-06825-0B1EB675 for <internals@lists.php.net>; Thu, 23 Jun 2016 09:18:41 -0400
Received: from smtp16.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1])
	by smtp16.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 7C55A180292;
	Thu, 23 Jun 2016 09:18:37 -0400 (EDT)
X-Auth-ID: fsb@thefsb.org
Received: by smtp16.relay.iad3a.emailsrvr.com (Authenticated sender: fsb-AT-thefsb.org) with ESMTPSA id 18509180244;
	Thu, 23 Jun 2016 09:18:36 -0400 (EDT)
X-Sender-Id: fsb@thefsb.org
Received: from [10.0.1.2] (c-66-30-62-12.hsd1.ma.comcast.net [66.30.62.12])
	(using TLSv1 with cipher DES-CBC3-SHA)
	by 0.0.0.0:465 (trex/5.5.4);
	Thu, 23 Jun 2016 09:18:37 -0400
User-Agent: Microsoft-MacOutlook/14.6.5.160527
Date: Thu, 23 Jun 2016 09:18:33 -0400
To: Nikita Popov <nikita.ppv@gmail.com>,
	Leigh <leight@gmail.com>
CC: Rowan Collins <rowan.collins@gmail.com>,
	PHP internals <internals@lists.php.net>
Message-ID: <D3915644.6FA67%fsb@thefsb.org>
Thread-Topic: [PHP-DEV] [RFC] RNG fixes
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com>
 <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be>
 <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8b48f847-bbba-03f8-4b2e-9cd0841b484e@gmail.com>
 <65ea0142-c2d6-f4ed-e98e-b7c7fbc51c58@fleshgrinder.com>
 <CAF+90c9N3Mk99OOhLi_NgM6GKYhh0a5gXk2nH1fmnyqz=f0Zbw@mail.gmail.com>
In-Reply-To: <CAF+90c9N3Mk99OOhLi_NgM6GKYhh0a5gXk2nH1fmnyqz=f0Zbw@mail.gmail.com>
Mime-version: 1.0
Content-type: text/plain;
	charset="UTF-8"
Content-transfer-encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: fsb@thefsb.org (Tom Worster)

On 6/22/16, 5:19 PM, "Nikita Popov" <nikita.ppv@gmail.com> wrote:

>I haven't been following this thread, just jumping in to comment on this
>point. My suggestion to deprecate rand() was motivated by the fact that
>rand() produces extremely low quality random numbers on Windows, while at
>the same time having the name people are most likely to try first if they
>want to have a random number. It's a bad state of things if there's a
>rand() and an mt_rand() function and the latter is preferable in *all*
>situations, while the former is more likely to be used. However, this
>concern is completely alleviated by aliasing rand() to mt_rand(). If we
>do this, I see no reason to deprecate rand(), at least in the short term.

Alternatively, if you fix rand() by making *it* the new, fast,
platform-independent RNG (e.g. Xoroshiro128+) and leave mt_rand() alone
then:

1. The "bad state of things" you described is resolved.

2. The various complaints about mt_rand() become irrelevant because rand()
will be preferable in *all* situations (except security and backwards
compat).

Tom