Request #72833 Use RDRND operand instead of Mersenne Twister
Submitted: 2016-08-14 15:41 UTC Modified: 2016-08-14 16:11 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: benjamin dot balet at gmail dot com Assigned:
Status: Suspended Package: *Math Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2016-08-14 15:41 UTC] benjamin dot balet at gmail dot com
Description:
------------
There are many non-cryptographic applications using the rand function of PHP and I was wondering if it is worth the effort to implement a call to the hardware function RDRND if it is supported by the platform.

Benefits of using RDRND:
* It is seeded with a true random number generator.
* Better source of random numbers than Mersenne Twister algorithm.

Concerns of using RDRND:
* This operand is available on recent Intel CPUs (Ivy Bridge) and only in the coming Zen AMD Architecture.
* A bit slower than Mersenne Twister (if we omit the time it takes to seed the algo from the benchmark).

Benefits of current PHP implementation:
* The code is faster than RDRND if we don't count the generation of the seed number.

Concerns of current PHP implementation:
* A hard-coded limit of a 32-bit integer causes the need of two calls and a shift of the result so as to create a 64-bit number.
* If the generator is not seeded, PHP makes a syscall in order to get the PID of PHP, whereas RDRND is seeded.
* Maybe considered as obsolete (see #67795).

The implementation (ext/standard/mt_rand.c) would look like

#ifdef __RDRND__
#include <immintrin.h>
/* No need to call GENERATE_SEED(): the hardware generator seeds itself */
#	ifdef ZEND_ENABLE_ZVAL_LONG64
	unsigned long long r;
	/* 64-bit build: one call fills a whole zend_long; returns 0 if no value was ready */
	if (!_rdrand64_step(&r)) { /* retry or fall back to the current generator */ }
#	else
	unsigned int r;
	/* 32-bit build: returns 0 if no value was ready */
	if (!_rdrand32_step(&r)) { /* retry or fall back to the current generator */ }
#	endif
#else
/* current PHP implementation (Mersenne Twister) */
#endif


Patches

Pull Requests

History

 [2016-08-14 16:11 UTC] requinix@php.net
-Status: Open +Status: Suspended
 [2016-08-14 16:11 UTC] requinix@php.net
This is definitely the kind of thing that needs to be talked about on the internals list instead of here. http://php.net/mailing-lists.php

Throwing out a few comments:
- rand and mt_rand are soft-deprecated in favor of random_int/bytes anyways (PHP 7+); those defer the random generation to the OS (which is how it should be)
- There are concerns about RdRand being potentially backdoor-able
- Linux's urandom may factor in RdRand already, so using that is at least as good as using RdRand alone
- Windows has a crypto API; haven't seen anything to indicate whether or how Windows uses RdRand
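The two points raised in this thread, the reporter's RDRND-with-fallback sketch and requinix's remark that the OS pool is at least as good as raw RdRand, combined into one added example in C. This is not PHP's code and not the reporter's patch; it shows the checks a practitioner would want around the sketch: run-time CPUID detection instead of trusting the compile-time __RDRND__ macro, a bounded retry loop (the count of 10 follows Intel's DRNG guidance), the shift-and-combine of two 32-bit draws into a 64-bit value that the report mentions, and a policy that prefers /dev/urandom so the hardware generator is never the sole source by default. All function names (rdrand_supported, hw_random_u64, os_random_u64, combine32, random_u64) and the RDRAND_RETRIES constant are assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>

#if defined(__x86_64__)
#include <cpuid.h>       /* __get_cpuid(): run-time feature detection (GCC/Clang) */
#include <immintrin.h>   /* _rdrand64_step() */
#define HAVE_X86_RDRAND 1
#else
#define HAVE_X86_RDRAND 0
#endif

/* RDRAND can transiently report "no value ready" (carry flag clear);
 * retry a bounded number of times instead of spinning forever. */
#define RDRAND_RETRIES 10

/* Run-time check via CPUID leaf 1, ECX bit 30. A compile-time __RDRND__ test only
 * says the compiler was allowed to emit RDRAND; a shipped binary must still verify
 * the CPU it actually runs on. (Hypothetical helper name.) */
int rdrand_supported(void)
{
#if HAVE_X86_RDRAND
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx & (1u << 30)) ? 1 : 0;
#else
    return 0;
#endif
}

#if HAVE_X86_RDRAND
/* The target attribute lets this compile without a global -mrdrnd flag;
 * call it only after rdrand_supported() returned 1. */
__attribute__((target("rdrnd")))
static int rdrand_u64(uint64_t *out)
{
    unsigned long long v;
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        if (_rdrand64_step(&v)) {   /* 1 on success, 0 if no value was ready */
            *out = (uint64_t)v;
            return 1;
        }
    }
    return 0;
}
#endif

/* Hardware path: 1 on success, 0 if unsupported or retries exhausted. */
int hw_random_u64(uint64_t *out)
{
#if HAVE_X86_RDRAND
    if (rdrand_supported())
        return rdrand_u64(out);
#else
    (void)out;
#endif
    return 0;
}

/* OS path: the kernel pool, which on Linux may itself mix in RDRAND. */
int os_random_u64(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return 0;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1;
}

/* Two 32-bit draws assembled into one 64-bit value: the shift-and-combine
 * step the report describes for a generator limited to 32-bit output. */
uint64_t combine32(uint32_t hi, uint32_t lo)
{
    return ((uint64_t)hi << 32) | (uint64_t)lo;
}

/* Policy: prefer the OS pool; use raw RDRAND only when the OS pool is unavailable. */
int random_u64(uint64_t *out)
{
    if (os_random_u64(out))
        return 1;
    return hw_random_u64(out);
}

int main(void)
{
    uint64_t v;
    printf("rdrand supported: %d\n", rdrand_supported());
    if (random_u64(&v))
        printf("random_u64: 0x%016llx\n", (unsigned long long)v);
    else
        printf("no entropy source available\n");
    return 0;
}
```

On a non-x86 build the hardware path compiles to a stub that returns 0, so the OS path is the only source; on x86 the CPUID test, not the compiler macro, decides whether RDRAND is ever executed.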
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC