Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:98042
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 91180 invoked from network); 30 Jan 2017 12:33:34 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 30 Jan 2017 12:33:34 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:50404] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 87/E4-51557-B923F885 for <internals@lists.php.net>; Mon, 30 Jan 2017 07:33:34 -0500
Received: (qmail 78316 invoked by uid 89); 30 Jan 2017 12:33:28 -0000
Received: from unknown (HELO mail-wm0-f41.google.com) (yohgaki@ohgaki.net@74.125.82.41)
  by 0 with ESMTPA; 30 Jan 2017 12:33:28 -0000
Received: by mail-wm0-f41.google.com with SMTP id v77so45515258wmv.0
        for <internals@lists.php.net>; Mon, 30 Jan 2017 04:33:27 -0800 (PST)
X-Gm-Message-State: AIkVDXKYtMggfMBvP7aFkE0FIbdqqHRKHVKTpxLePF1/2w4N5XXdCDUd3u7nrZafqWzefPTTg0PB/0zmboJwKQ==
X-Received: by 10.28.51.205 with SMTP id z196mr13091568wmz.22.1485779601470;
 Mon, 30 Jan 2017 04:33:21 -0800 (PST)
MIME-Version: 1.0
Received: by 10.195.12.8 with HTTP; Mon, 30 Jan 2017 04:32:40 -0800 (PST)
Date: Mon, 30 Jan 2017 21:32:40 +0900
X-Gmail-Original-Message-ID: <CAGa2bXar3gUv7Ejwv2ngef3-4xu5+RYsCG26X7=0wPwf5kMaMQ@mail.gmail.com>
Message-ID: <CAGa2bXar3gUv7Ejwv2ngef3-4xu5+RYsCG26X7=0wPwf5kMaMQ@mail.gmail.com>
To: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a11444e805c444305474f058e
Subject: Reseeding rand()/mt_rand()
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a11444e805c444305474f058e
Content-Type: text/plain; charset=UTF-8

Hi all,

Following code is problematic and needs proper reseeding to work.

// We need the same random numbers here
mt_srand(1234);
for ($i=0; $i < 10; $i++) {
   $my_rand[] = mt_rand();
}

Somewhere later in code

// We need somewhat random numbers for non CS purpose
for ($i=0; $i < 10; $i++) {
   $my_other_rand[] = mt_rand();
}

$my_other_rand array is not random at all for the app. This applies to
rand()/srand() as well as all functions that use rand and rand/MT rand
internally. e.g. shuffle(). rand() is alias of mt_rand() in PHP 7.1, it can
cause serious problem. i.e. srand(1234) forces mt_rand() to generate non
random numbers.

In addition, this behavior persists across requests because once
BG(mt_rand_is_seeded)/BG(rand_is_seeded) are set to 1, they are kept for
the process. Therefore, subsequent mt_rand()/rand(), including any
functions use rand/MT rand internally such as shuffle(), call in other
requests are not random.

In order to get random numbers, we need to reseed RNG.

Currently, it is possible to reseed like (int overflow is ignored)

$seed = unpack("l", file_get_contents("/dev/urandom", false, NULL, 0, 4));
mt_srand($seed[1]);
for ($i=0; $i < 10; $i++) {
   $my_other_rand[] = mt_rand();
}

OR for PHP 7

mt_srand(random_int(PHP_INT_MIN, PHP_INT_MAX));
for ($i=0; $i < 10; $i++) {
   $my_other_rand[] = mt_rand();
}

Requiring these reseeding code for most mt_rand()/rand() calls is not
preferred behavior.

Proposal:
1) Add BG(mt_rand_is_user_seeded) and BG(rand_is_user_seeded). If they are
1, set BG(mt_rand_is_seeded)=0 and BG(rand_is_seeded)=0.
2) Make srand(0) and mt_srand(0) to force RNG reseeding by PHP.

Outcome:
1) resolves "across requests" non random numbers.
2) simplifies reseeding.

Problem:
1) Added new BG values are BC for released versions. Simply reseeding by
current GENERATE_SEED() macro is weak and too easy to be guessed even with
MT rand. i.e. Setting BG(mt_rand_is_seeded)=0 and BG(rand_is_seeded)=0 at
RINIT is not exactly a good idea. (There is improvement discussion in
"Improving mt_rand() seed" thread)
2) Manual reseeding API, srand(0)/mt_srand(0), is not compatible with older
versions.

Open Issue:
1) and 2), apply these to released versions or not.

This idea is acceptable, but I don't like this idea myself.

It seems we should do something for this, documentation for released
versions at least.
Any better ideas are appreciated.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a11444e805c444305474f058e--