Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed
From: yohgaki@ohgaki.net (Yasuo Ohgaki)
To: Lauri Kenttä
Cc: internals@lists.php.net
Date: Tue, 17 Jan 2017 09:34:16 +0900
In-Reply-To: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi>
References: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi>

Hi Lauri,

On Tue, Jan 17, 2017 at 2:34 AM, Lauri Kenttä wrote:
> On Mon, Jan 16, 2017 at 4:04 PM, Yasuo Ohgaki wrote:
>
>> We know this kind of seed is guessable, i.e. our session id is compromised
>> by this kind of code.
>
> Maybe you should fix session id instead of (or in addition to) mt_rand.

It is fixed. I should have written "was compromised".

> On 2017-01-16 09:16, Yasuo Ohgaki wrote:
>
>> Comments are appreciated.
>
> Simply set BG(state)[0] to 0x80000000U and fill the rest with random.
> That's practically like the MT reference implementation init_by_array.
> See the attached patch. Feel free to commit.

Thanks. I didn't bother about efficiency, but it is more efficient than
php_random_int().

This will do half of my idea. Attackers can guess random strings generated by
MT rand by checking only 2^32 combinations because there are only 2^32 initial
states. MT rand is not a CSPRNG, so users must not use MT rand to generate
random strings, but there is a lot of code that does this. To mitigate the risk
of such code, the initial state could be randomized, i.e. set the state
somewhere within MT rand's 2^19937−1 cycle. I haven't started researching how
to do this yet. I would appreciate it if you have a patch for this, too.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net
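Added example, written in C for this page and not taken from PHP's php_mt_rand.c or from Lauri's patch: a reference MT19937 showing the two seedings discussed above, the classic 32-bit seed (only 2^32 reachable initial states) versus filling the whole 624-word state from a random buffer with word 0 forced to 0x80000000U. Function names and the zero-buffer input are my own; the MT constants are the standard ones.

```c
#include <stdint.h>
#include <string.h>
#define MT_N 624
#define MT_M 397

typedef struct { uint32_t state[MT_N]; int index; } mt19937_t;

/* Reference init_genrand(): the whole 624-word state is derived from one 32-bit
   seed, so only 2^32 initial states are reachable however the seed is chosen. */
void mt_seed32(mt19937_t *mt, uint32_t seed) {
    mt->state[0] = seed;
    for (int i = 1; i < MT_N; i++)
        mt->state[i] = 1812433253U * (mt->state[i - 1] ^ (mt->state[i - 1] >> 30)) + (uint32_t)i;
    mt->index = MT_N;
}
/* Seeding as proposed in the thread: copy 624 random words in and force word 0 to
   0x80000000 (as init_by_array() does), so an all-zero state, which would emit zeros forever, is impossible. */
void mt_seed_full(mt19937_t *mt, const uint32_t random_words[MT_N]) {
    memcpy(mt->state, random_words, sizeof mt->state);
    mt->state[0] = 0x80000000U;
    mt->index = MT_N;
}
/* One MT19937 output: regenerate the state when exhausted, then temper a word. */
uint32_t mt_next(mt19937_t *mt) {
    if (mt->index >= MT_N) {
        for (int i = 0; i < MT_N; i++) {
            uint32_t y = (mt->state[i] & 0x80000000U) | (mt->state[(i + 1) % MT_N] & 0x7fffffffU);
            uint32_t v = mt->state[(i + MT_M) % MT_N] ^ (y >> 1);
            mt->state[i] = (y & 1U) ? v ^ 0x9908b0dfU : v;
        }
        mt->index = 0;
    }
    uint32_t y = mt->state[mt->index++];
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680U;
    y ^= (y << 15) & 0xefc60000U;
    return y ^ (y >> 18);
}
/* First output for a classic 32-bit seed (reference value for 5489: 3499211612). */
uint32_t first_output_seed32(uint32_t seed) {
    mt19937_t mt;
    mt_seed32(&mt, seed);
    return mt_next(&mt);
}
/* First output when the state is filled from a caller-supplied 624-word buffer;
   an all-zero buffer (constructed worst case) still yields a non-zero stream. */
uint32_t first_output_full(const uint32_t buf[MT_N]) {
    mt19937_t mt;
    mt_seed_full(&mt, buf);
    return mt_next(&mt);
}
```

Calling first_output_seed32(5489) and comparing with the published reference output 3499211612 checks the generator itself; first_output_full() on a zero buffer shows why the guard word in word 0 matters.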