Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94226
Return-Path: <nikita.ppv@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 56075 invoked from network); 23 Jun 2016 13:57:56 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Jun 2016 13:57:56 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.161.179 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@gmail.com
X-Host-Fingerprint: 209.85.161.179 mail-yw0-f179.google.com  
Received: from [209.85.161.179] ([209.85.161.179:35607] helo=mail-yw0-f179.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 41/17-06825-3EAEB675 for <internals@lists.php.net>; Thu, 23 Jun 2016 09:57:55 -0400
Received: by mail-yw0-f179.google.com with SMTP id l125so71293563ywb.2
        for <internals@lists.php.net>; Thu, 23 Jun 2016 06:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=g6D0k9xAr6R6QGhydqo6AX6x/NMfdP1r8BTLD5UfV3A=;
        b=Pv6MipI5N8ZrKYVCnH3renolnLRzYiudPkPXyjrAJDFzKNokg+E8mL3SJ++HwG7JeH
         GieCCK6eZBjhFJ7cgbGnSYBbtRiUFVSYut1iLc0OKZbhfqSdzqutjVaF7Y0xUvND5baN
         vvrO8jLUqTHW8NFosp+eMjgSi8kXfjK8KyKu99zGrWCH/7sxRFKOURm/oWUu6Az+0p/o
         p8cOPGvQbKjcDBdVnEgtY7ceXFw+bpKhk0jQfi8B21WNIeTJMTDGN/h3UxmuTPkFpiaa
         FbQSvTQDlTKS/9aOM5xcuh9fvmnzlaBv/n4PENZiFZmwJkcgGDncpooPGG2dAGL/+Xsk
         WfRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=g6D0k9xAr6R6QGhydqo6AX6x/NMfdP1r8BTLD5UfV3A=;
        b=EYq9EVqh4zeHbrVkyzzhYNFclWGvUaiJCQ+y/nROKV5YVYH59Nys0dnaRPTnKMafJO
         eSyG8tMECcLCi/QyZpT7kljg0GlKsgjAPyD1RzNpiFqtou1G+V13kt0kmS+q3UjAgcRl
         pmr8i1ZfZPuAZZ0fV3cjMdhnXy0KfLAiwqd2/m3tRo9WRkWqgRHUCVTaSA6GlCOrWcR2
         UBtx1/Ll4s1l50f7KrPiX2XdzkXhSpoNTcQ/wbDYT3b6VRdk25UB3CMFZ6NQ8z1/kJOl
         wX4DqV8PFXiS+472Eml1lKEbHmD9R0bPuBcXegBWsGnhXnUZtplzaMRwJ55EEKVvzlaM
         HI3Q==
X-Gm-Message-State: ALyK8tLRBjj9EbAZcbS/a2DgjatK2xB9hsgGIFa4duZ1fBPuuqsBBP308m9iFKbQQhekQaOw5eLq7h3mroCiHg==
X-Received: by 10.129.79.202 with SMTP id d193mr16894784ywb.56.1466690273412;
 Thu, 23 Jun 2016 06:57:53 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.13.242.129 with HTTP; Thu, 23 Jun 2016 06:57:52 -0700 (PDT)
In-Reply-To: <D3915644.6FA67%fsb@thefsb.org>
References: <CAPwsocFZQdU2bt0OETeJMQYBXVUkK8ygB5jTb4ML3df4GZWdVA@mail.gmail.com>
 <e28227a3-d5b1-b971-3362-c6d31768aa44@fleshgrinder.com> <cf009374-d159-886c-3a25-643ebb7f91e5@gmail.com>
 <f5807c28-6f0e-d7a7-b460-335cb0354d07@seld.be> <2f92fa26-5f50-0e68-c1fc-de79f17c201e@fleshgrinder.com>
 <8b48f847-bbba-03f8-4b2e-9cd0841b484e@gmail.com> <65ea0142-c2d6-f4ed-e98e-b7c7fbc51c58@fleshgrinder.com>
 <CAF+90c9N3Mk99OOhLi_NgM6GKYhh0a5gXk2nH1fmnyqz=f0Zbw@mail.gmail.com> <D3915644.6FA67%fsb@thefsb.org>
Date: Thu, 23 Jun 2016 15:57:52 +0200
Message-ID: <CAF+90c9sONJVu6BFafM8h9DKOK6eaj+xsk_Jt3kd-DTVBVn6Fg@mail.gmail.com>
To: Tom Worster <fsb@thefsb.org>
Cc: Leigh <leight@gmail.com>, Rowan Collins <rowan.collins@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a114d3b0ebe17260535f2702d
Subject: Re: [PHP-DEV] [RFC] RNG fixes
From: nikita.ppv@gmail.com (Nikita Popov)

--001a114d3b0ebe17260535f2702d
Content-Type: text/plain; charset=UTF-8

On Thu, Jun 23, 2016 at 3:18 PM, Tom Worster <fsb@thefsb.org> wrote:

> On 6/22/16, 5:19 PM, "Nikita Popov" <nikita.ppv@gmail.com> wrote:
>
> >I haven't been following this thread, just jumping in to comment on this
> >point. My suggestion to deprecate rand() was motivated by the fact that
> >rand() produces extremely low quality random numbers on Windows, while at
> >the same time having the name people are most likely to try first if they
> >want to have a random number. It's a bad state of things if there's a
> >rand() and an mt_rand() function and the latter is preferable in *all*
> >situations, while the former is more likely to be used. However, this
> >concern is completely alleviated by aliasing rand() to mt_rand(). If we
> >do this, I see no reason to deprecate rand(), at least in the short term.
>
> Alternatively, if you fix rand() by making *it* the new, fast,
> platform-independent RNG (e.g. Xoroshiro128+) and leave mt_rand() alone
> then:
>
> 1. The "bad state of things" you described is resolved.
>
> 2. The various complaints about mt_rand() become irrelevant because rand()
> will be preferable in *all* situations (except security and backwards
> compat).


Imho this is worst solution of all. This means that prior to PHP 7.1
mt_rand() is preferable in all cases and starting with PHP 7.1 rand() is
preferable in all cases. Have fun writing code for that.

I personally have no problem changing mt_rand() to use something other than
MT19937. Given the fact that mt_rand() has been producing random numbers
that do not conform to the MT19937 sequence for years and years and it was
only noticed recently we can say that, without any doubt, nobody is using
mt_rand() to obtain sequences compatible with external MT implementations.
As such it doesn't matter if we switch to something else (apart from the
fact that the sequence changes in *some* way, which is a given with all the
changes we're discussion here.)

Whatever we do, please maintain the invariant that mt_rand() >= rand() in
terms of quality. I recommend doing this by making mt_rand() == rand().

Regards,
Nikita

--001a114d3b0ebe17260535f2702d--