Newsgroups: php.internals
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed
From: Lauri Kenttä <lauri.kentta@gmail.com>
To: Yasuo Ohgaki
Cc: Nikita Popov, internals@lists.php.net
Date: Wed, 18 Jan 2017 18:06:50 +0200
Message-ID: <8cfe7a3ea5a05fc3e5347e9af848ada0@gmail.com>
References: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi> <142a3537a99809cf23d78e0eaadc3aef@gmail.com> <7a359bb08b0ad8b046534c15492cec91@gmail.com>

On Wed, Jan 18, 2017 at 10:22 AM, Nikita Popov wrote:
> The patch initializes the full MT state vector, approximately 2.5KB
> of memory, from a CSPRNG. To put this into perspective, 16 bytes are
> generally considered to be sufficient for cryptographic keying
> material. Does this seem somewhat disproportionate?

It's a lot, but it's also a simple and clean solution. Randomizing only 16 bytes doesn't really work, because the randomness is twisted so slowly in MT19937. Any randomness needs to be stretched over the whole state immediately.

If it's not acceptable to randomize the whole state, I'd recommend using php_random_int_silent() to generate a single seed. This would be easy to implement by simply changing GENERATE_SEED() into a function which first tries php_random_int_silent() but has the current method as a fallback. This would fix other use cases of GENERATE_SEED() as well.

On 2017-01-18 08:04, Yasuo Ohgaki wrote:
> Lauri,
> You wrote the patch. Could you make Pull Request to github's php-src
> repo? If you prefer not to, I'll make the PR.
>
> I think your patch should be applied from PHP-7.0 branch.

I've revised my patch (added GENERATE_SEED() fallback), see [1]. I can send that against master if the approach is accepted here. If you want it in PHP-7.0 or PHP-7.1, please merge it yourself, thank you.

[1] https://github.com/Metabolix/php-src/tree/mt_srand_auto-pr

-- 
Lauri Kenttä
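The claim in the message above, that randomness dropped into only 16 bytes of the MT19937 state is "twisted so slowly" that it must be stretched over the whole state up front, can be measured directly. The following is an added example, not code from php-src or from anyone in this thread: a reference MT19937 (the standard algorithm, not PHP's mt_rand() variant) seeded three ways, with two generators per strategy that receive different "random" input. The random input is a constructed xorshift32 stream standing in for CSPRNG output, and the function names are this example's own. For each strategy it counts how many of the first 624 outputs differ between the two generators.

```c
/*
 * Added example (not php-src code): reference MT19937 used to measure how
 * quickly entropy spreads through the state under three seeding strategies.
 * All "random" inputs are constructed constants, not real CSPRNG output.
 */
#include <stdint.h>
#include <stdio.h>

#define MT_N 624
#define MT_M 397
#define MT_MATRIX_A 0x9908b0dfu
#define MT_UPPER 0x80000000u
#define MT_LOWER 0x7fffffffu

typedef struct { uint32_t mt[MT_N]; int mti; } mt_state;

/* init_genrand(): one 32-bit seed is expanded over all 624 words by a
 * linear recurrence, so every word of the state depends on the seed. */
static void mt_seed32(mt_state *s, uint32_t seed) {
    s->mt[0] = seed;
    for (int i = 1; i < MT_N; i++)
        s->mt[i] = 1812433253u * (s->mt[i - 1] ^ (s->mt[i - 1] >> 30)) + (uint32_t)i;
    s->mti = MT_N;                       /* force a twist before the first output */
}

/* Overwrite only the first nwords words of an existing state; leave the rest. */
static void mt_overwrite(mt_state *s, const uint32_t *words, int nwords) {
    for (int i = 0; i < nwords && i < MT_N; i++) s->mt[i] = words[i];
    s->mti = MT_N;
}

/* The twist: word kk is rebuilt from words kk, kk+1 and kk+397 only, which is
 * why a few randomised words take several twists to influence the whole state. */
static void mt_twist(mt_state *s) {
    uint32_t *mt = s->mt, y;
    int kk;
    for (kk = 0; kk < MT_N - MT_M; kk++) {
        y = (mt[kk] & MT_UPPER) | (mt[kk + 1] & MT_LOWER);
        mt[kk] = mt[kk + MT_M] ^ (y >> 1) ^ ((y & 1u) ? MT_MATRIX_A : 0u);
    }
    for (; kk < MT_N - 1; kk++) {
        y = (mt[kk] & MT_UPPER) | (mt[kk + 1] & MT_LOWER);
        mt[kk] = mt[kk + (MT_M - MT_N)] ^ (y >> 1) ^ ((y & 1u) ? MT_MATRIX_A : 0u);
    }
    y = (mt[MT_N - 1] & MT_UPPER) | (mt[0] & MT_LOWER);
    mt[MT_N - 1] = mt[MT_M - 1] ^ (y >> 1) ^ ((y & 1u) ? MT_MATRIX_A : 0u);
    s->mti = 0;
}

static uint32_t mt_next(mt_state *s) {
    if (s->mti >= MT_N) mt_twist(s);
    uint32_t y = s->mt[s->mti++];
    y ^= y >> 11;                         /* tempering is a bijection, so an   */
    y ^= (y << 7) & 0x9d2c5680u;          /* output differs exactly when the   */
    y ^= (y << 15) & 0xefc60000u;         /* underlying state word differs     */
    return y ^ (y >> 18);
}

/* Number of positions among the next n outputs where generators a and b differ. */
static int count_diff(mt_state *a, mt_state *b, int n) {
    int d = 0;
    for (int i = 0; i < n; i++) d += (mt_next(a) != mt_next(b));
    return d;
}

/* Constructed stand-in for CSPRNG output: xorshift32 from a chosen seed. */
static uint32_t fake_rand(uint32_t *x) {
    *x ^= *x << 13; *x ^= *x >> 17; *x ^= *x << 5;
    return *x;
}

/* Strategy 1: identical base state, only the first 16 bytes (4 words) are
 * randomised. Returns the number of differing outputs in 624-output block `block`. */
int partial_seed_diff(int block) {
    mt_state a, b;
    uint32_t ra[4], rb[4], xa = 0x1f2e3d4cu, xb = 0xcafef00du;
    for (int i = 0; i < 4; i++) { ra[i] = fake_rand(&xa); rb[i] = fake_rand(&xb); }
    mt_seed32(&a, 5489u); mt_seed32(&b, 5489u);       /* same fixed base state */
    mt_overwrite(&a, ra, 4); mt_overwrite(&b, rb, 4);
    int d = 0;
    for (int k = 0; k <= block; k++) d = count_diff(&a, &b, MT_N);
    return d;
}

/* Strategy 2: the whole 624-word (~2.5KB) state comes from the random source. */
int full_state_diff(void) {
    mt_state a, b;
    uint32_t xa = 0x1f2e3d4cu, xb = 0xcafef00du;
    for (int i = 0; i < MT_N; i++) { a.mt[i] = fake_rand(&xa); b.mt[i] = fake_rand(&xb); }
    a.mti = b.mti = MT_N;
    return count_diff(&a, &b, MT_N);
}

/* Strategy 3: a single random 32-bit seed stretched over the state by init_genrand(),
 * the route a php_random_int_silent()-based GENERATE_SEED() would take. */
int single_seed_diff(void) {
    mt_state a, b;
    mt_seed32(&a, 0x1f2e3d4cu); mt_seed32(&b, 0xcafef00du);
    return count_diff(&a, &b, MT_N);
}

int main(void) {
    printf("16 random bytes, 1st block of 624 outputs: %d differ\n", partial_seed_diff(0));
    printf("16 random bytes, 2nd block of 624 outputs: %d differ\n", partial_seed_diff(1));
    printf("full random state,   first 624 outputs:    %d differ\n", full_state_diff());
    printf("one 32-bit seed,     first 624 outputs:    %d differ\n", single_seed_diff());
    return 0;
}
```

With only 16 random bytes, the first 624 outputs differ in roughly a dozen positions (the randomised words 0..3 reach only words 0..3, 227..230, 454..457 and 623 after the first twist), and the count grows by only a few times per twist, so the generator's early output is almost entirely determined by the fixed part of the state. Both filling the whole state and expanding one seed through init_genrand()'s recurrence make essentially every output depend on the random input from the first word, which is what "stretched over the whole state immediately" means in practice.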