Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:97792
Return-Path: <lauri.kentta@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 22697 invoked from network); 16 Jan 2017 17:34:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Jan 2017 17:34:35 -0000
Authentication-Results: pb1.pair.com header.from=lauri.kentta@gmail.com; sender-id=softfail
Authentication-Results: pb1.pair.com smtp.mail=lauri.kentta@gmail.com; spf=softfail; sender-id=softfail
Received-SPF: softfail (pb1.pair.com: domain gmail.com does not designate 178.62.210.197 as permitted sender)
X-PHP-List-Original-Sender: lauri.kentta@gmail.com
X-Host-Fingerprint: 178.62.210.197 k-piste.dy.fi  
Received: from [178.62.210.197] ([178.62.210.197:53748] helo=k-piste.dy.fi)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F8/BB-00729-5240D785 for <internals@lists.php.net>; Mon, 16 Jan 2017 12:34:29 -0500
Received: from localhost.localdomain ([::1] helo=k-piste.dy.fi)
	by k-piste.dy.fi with esmtp (Exim 4.88)
	(envelope-from <lauri.kentta@gmail.com>)
	id 1cTBAn-00059G-JJ; Mon, 16 Jan 2017 19:34:25 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_ef4dddbbb0fae254051fbfbf2dfd8f92"
Date: Mon, 16 Jan 2017 19:34:25 +0200
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: internals@lists.php.net
In-Reply-To: <CAGa2bXak3tZ+kC6EeiA=ZCeynGSZbO-4Hpd1v_1oZVDHpSAvsA@mail.gmail.com>
References: <CAGa2bXbFST=5DkhiJ6zJ1hJ5vZYUo7CnCDp+VXcyvSU-bWcyMg@mail.gmail.com>
 <CAGa2bXak3tZ+kC6EeiA=ZCeynGSZbO-4Hpd1v_1oZVDHpSAvsA@mail.gmail.com>
Message-ID: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi>
X-Sender: lauri.kentta@gmail.com
User-Agent: Roundcube Webmail/1.2.3
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed
From: lauri.kentta@gmail.com (=?UTF-8?Q?Lauri_Kentt=C3=A4?=)

--=_ef4dddbbb0fae254051fbfbf2dfd8f92
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
 format=flowed

On Mon, Jan 16, 2017 at 4:04 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> 
wrote:
> We know this kind of seed is guessable. i.e. Our session id is 
> compromised
> by this kind of code.

Maybe you should fix session id instead of (or in addition to) mt_rand.

On 2017-01-16 09:16, Yasuo Ohgaki wrote:
> Comments are appreciated.

Simply set BG(state)[0] to 0x80000000U and fill the rest with random.
That's practically like the MT reference implementation init_by_array.
See the attached patch. Feel free to commit.

-- 
Lauri Kenttä
--=_ef4dddbbb0fae254051fbfbf2dfd8f92
Content-Transfer-Encoding: base64
Content-Type: text/x-diff;
 name=0001-mt_rand-Seed-with-php_random_bytes.txt
Content-Disposition: attachment;
 filename=0001-mt_rand-Seed-with-php_random_bytes.txt;
 size=1662

RnJvbSA2OTYwNTNjOTA2Yzg1NTI0MmUxZjk1ZjMzMTFmNWRiOTNjOGYzNzIzIE1vbiBTZXAgMTcg
MDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/TGF1cmk9MjBLZW50dD1DMz1BND89IDxsYXVy
aS5rZW50dGFAZ21haWwuY29tPgpEYXRlOiBNb24sIDE2IEphbiAyMDE3IDE4OjU0OjMzICswMjAw
ClN1YmplY3Q6IFtQQVRDSF0gbXRfcmFuZDogU2VlZCB3aXRoIHBocF9yYW5kb21fYnl0ZXMKCi0t
LQogZXh0L3N0YW5kYXJkL210X3JhbmQuYyB8IDIyICsrKysrKysrKysrKysrKysrLS0tLS0KIDEg
ZmlsZSBjaGFuZ2VkLCAxNyBpbnNlcnRpb25zKCspLCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdp
dCBhL2V4dC9zdGFuZGFyZC9tdF9yYW5kLmMgYi9leHQvc3RhbmRhcmQvbXRfcmFuZC5jCmluZGV4
IDA1OTRhYjI0ZTEuLmNiZmMzZWRlY2UgMTAwNjQ0Ci0tLSBhL2V4dC9zdGFuZGFyZC9tdF9yYW5k
LmMKKysrIGIvZXh0L3N0YW5kYXJkL210X3JhbmQuYwpAQCAtMjcsNiArMjcsNyBAQAogCiAjaW5j
bHVkZSAicGhwLmgiCiAjaW5jbHVkZSAicGhwX3JhbmQuaCIKKyNpbmNsdWRlICJwaHBfcmFuZG9t
LmgiCiAjaW5jbHVkZSAicGhwX210X3JhbmQuaCIKIAogLyogTVQgUkFORCBGVU5DVElPTlMgKi8K
QEAgLTE1OCw2ICsxNTksMTcgQEAgUEhQQVBJIHZvaWQgcGhwX210X3NyYW5kKHVpbnQzMl90IHNl
ZWQpCiB9CiAvKiB9fX0gKi8KIAorLyoge3t7IHBocF9tdF9zcmFuZF9hdXRvCisgKi8KK1BIUEFQ
SSB2b2lkIHBocF9tdF9zcmFuZF9hdXRvKHZvaWQpCit7CisJcGhwX3JhbmRvbV9ieXRlc190aHJv
dyhCRyhzdGF0ZSkrMSwgc2l6ZW9mKEJHKHN0YXRlKVswXSkgKiAoTi0xKSk7CisJQkcoc3RhdGUp
WzBdID0gMHg4MDAwMDAwMFU7CisJcGhwX210X3JlbG9hZCgpOworCUJHKG10X3JhbmRfaXNfc2Vl
ZGVkKSA9IDE7Cit9CisvKiB9fX0gKi8KKwogLyoge3t7IHBocF9tdF9yYW5kCiAgKi8KIFBIUEFQ
SSB1aW50MzJfdCBwaHBfbXRfcmFuZCh2b2lkKQpAQCAtMTY4LDcgKzE4MCw3IEBAIFBIUEFQSSB1
aW50MzJfdCBwaHBfbXRfcmFuZCh2b2lkKQogCXJlZ2lzdGVyIHVpbnQzMl90IHMxOwogCiAJaWYg
KFVORVhQRUNURUQoIUJHKG10X3JhbmRfaXNfc2VlZGVkKSkpIHsKLQkJcGhwX210X3NyYW5kKEdF
TkVSQVRFX1NFRUQoKSk7CisJCXBocF9tdF9zcmFuZF9hdXRvKCk7CiAJfQogCiAJaWYgKEJHKGxl
ZnQpID09IDApIHsKQEAgLTE5Nyw5ICsyMDksNiBAQCBQSFBfRlVOQ1RJT04obXRfc3JhbmQpCiAJ
CVpfUEFSQU1fTE9ORyhtb2RlKQogCVpFTkRfUEFSU0VfUEFSQU1FVEVSU19FTkQoKTsKIAotCWlm
IChaRU5EX05VTV9BUkdTKCkgPT0gMCkKLQkJc2VlZCA9IEdFTkVSQVRFX1NFRUQoKTsKLQogCXN3
aXRjaCAobW9kZSkgewogCQljYXNlIE1UX1JBTkRfUEhQOgogCQkJQkcobXRfcmFuZF9tb2RlKSA9
IE1UX1JBTkRfUEhQOwpAQCAtMjA4LDcgKzIxNywxMCBAQCBQSFBfRlVOQ1RJT04obXRfc3JhbmQp
CiAJCQlCRyhtdF9yYW5kX21vZGUpID0gTVRfUkFORF9NVDE5OTM3OwogCX0KIAkKLQlwaHBfbXRf
c3JhbmQoc2VlZCk7CisJaWYgKFpFTkRfTlVNX0FSR1MoKSA9PSAwKQorCQlwaHBfbXRfc3JhbmRf
YXV0bygpOworCWVsc2UKKwkJcGhwX210X3NyYW5kKHNlZWQpOwogfQogLyogfX19ICovCiAKLS0g
CjIuMTEuMAoK
--=_ef4dddbbb0fae254051fbfbf2dfd8f92--