Newsgroups: php.internals
Xref: news.php.net php.internals:97988
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Date: Fri, 27 Jan 2017 15:13:18 +0000
From: leight@gmail.com (Leigh)
To: Lauri Kenttä
Cc: Yasuo Ohgaki, Niklas Keller, Nikita Popov, internals@lists.php.net
In-Reply-To: <1913d779b7954d5c099ed66821cb299c@gmail.com>
References: <71c26cd6df6f59e76dafd31647852c2e@koti.fimnet.fi> <142a3537a99809cf23d78e0eaadc3aef@gmail.com> <7a359bb08b0ad8b046534c15492cec91@gmail.com> <8cfe7a3ea5a05fc3e5347e9af848ada0@gmail.com> <1913d779b7954d5c099ed66821cb299c@gmail.com>
Subject: Re: [PHP-DEV] Re: Improving mt_rand() seed

On 27 January 2017 at 14:30, Lauri Kenttä wrote:
>> This needs to be thought of as 2^32 possible _streams_ with a period
>> of (2^19937)−1. Offset within the stream is as important as the stream
>> variation itself.
>
> This is not true. There is one stream of period (2^19937)−1, and
> the initial state defines the current position in that stream.

I'm not sure about this: the LCG constant used in the initial generator
seems completely unrelated to the rest of the algorithm, so I don't see
how this offsets the stream position. If it is truly the case, I stand
corrected.
>> Even with 2^32 possible initial states every
>> password generated will still have a bit strength of 2^60
>
> If the attacker knows the algorithm, the bit strength is only 2^32.
> The remaining 2^28 comes from security through obscurity, which is
> not a generally valid real security thing.

Fair point.

> Anyway, a password should be better generated with CSPRNG, not MT,
> so "hardening" MT is totally irrelevant.

Obviously. I still maintain that pulling 2.5k from the CSPRNG to power MT
is overkill though. I agree we shouldn't waste time "hardening" it just
because some people misuse it. We can make the initial seeding less
deterministic, but I don't think we should do more than that.