Request #72833 Use RDRND operand instead of Mersenne Twister
Submitted: 2016-08-14 15:41 UTC Modified: 2016-08-14 16:11 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: benjamin dot balet at gmail dot com Assigned:
Status: Suspended Package: *Math Functions
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2016-08-14 15:41 UTC] benjamin dot balet at gmail dot com
Description:
------------
There are many non-cryptographic applications using the rand function of PHP and I was wondering if it is worth the effort to implement a call to the hardware function RDRND if it is supported by the platform.

Benefits of using RDRND:
* It is seeded with a true random number generator.
* Better source of random numbers than Mersenne Twister algorithm.

Concerns of using RDRND:
* This operand is available on recent Intel CPUs (Ivy Bridge) and only in the coming Zen AMD Architecture.
* A bit slower than Mersenne Twister (if we omit the time it takes to seed the algo from the benchmark).

Benefits of current PHP implementation:
* The code is faster than RDRND if we don't count the generation of the seed number.

Concerns of current PHP implementation:
* A hard-coded limit of a 32-bit integer means two calls and a shift of the result are needed to create a 64-bit number.
* If the generator is not seeded, PHP makes a syscall in order to get its PID, whereas RDRND is already seeded.
* May be considered obsolete (see #67795).

The implementation (ext/standard/mt_rand.c) would look like

#ifdef __RDRND__
#include <immintrin.h>
// No need to call GENERATE_SEED()
#	ifdef ZEND_ENABLE_ZVAL_LONG64
// Call to _rdrand64_step(unsigned long long *); it returns 1 when a value was
// produced and 0 when none was ready, so the caller must check it and retry.
#	else
// Call to _rdrand32_step(unsigned int *); same return convention.
#	endif
#else
// current PHP implementation
#endif
 [2016-08-14 16:11 UTC] requinix@php.net
-Status: Open +Status: Suspended
 [2016-08-14 16:11 UTC] requinix@php.net
This is definitely the kind of thing that needs to be talked about on the internals list instead of here. http://php.net/mailing-lists.php

Throwing out a few comments:
- rand and mt_rand are soft-deprecated in favor of random_int/bytes anyways (PHP 7+); those defer the random generation to the OS (which is how it should be)
- There are concerns about RdRand being potentially backdoor-able
- Linux's urandom may factor in RdRand already, so using that is at least as good as using RdRand alone
- Windows has a crypto API; haven't seen anything to indicate whether or how Windows uses RdRand
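The following is an added example, not PHP's code and not the submitter's sketch. It shows what a practitioner would want from the proposal above and from the reply's objections in one place: RDRAND detected at run time through CPUID (a compile-time #ifdef __RDRND__ only says the compiler was told the instruction exists, not that the CPU running the binary has it), the instruction's status return honoured with a bounded retry, and the OS CSPRNG kept as the primary source, with the hardware value XORed in rather than trusted on its own. It assumes gcc or clang on x86-64 (the target attribute lets the intrinsic be used without -mrdrnd) and a readable /dev/urandom; on other architectures only the OS path is compiled. The retry budget of ten follows Intel's DRNG implementation guide.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#include <immintrin.h>
#define HAVE_X86_64 1
#else
#define HAVE_X86_64 0
#endif

/* Intel's guide: ten consecutive failures mean the DRNG is not going to recover. */
#define RDRAND_RETRIES 10

/* 1 if CPUID.01H:ECX bit 30 reports RDRAND, 0 otherwise (always 0 off x86-64). */
int rdrand_supported(void)
{
#if HAVE_X86_64
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (ecx >> 30) & 1u;
#else
    return 0;
#endif
}

#if HAVE_X86_64
/* target("rdrnd") allows the intrinsic inside an otherwise generic build. */
__attribute__((target("rdrnd")))
static int rdrand64_once(unsigned long long *out)
{
    return _rdrand64_step(out); /* 1 = carry flag set, value valid; 0 = retry */
}
#endif

/* Returns 1 and stores a value on success; 0 if unsupported or retries exhausted. */
int rdrand64_retry(uint64_t *out)
{
#if HAVE_X86_64
    if (!rdrand_supported())
        return 0;
    for (int i = 0; i < RDRAND_RETRIES; i++) {
        unsigned long long v;
        if (rdrand64_once(&v)) {
            *out = (uint64_t)v;
            return 1;
        }
    }
    return 0;
#else
    (void)out;
    return 0;
#endif
}

/* The OS CSPRNG, which is where random_bytes()/random_int() get their data on Unix. */
int os_random_u64(uint64_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return 0;
    size_t got = fread(out, sizeof *out, 1, f);
    fclose(f);
    return got == 1;
}

/* XOR of two independent sources is at least as unpredictable as the better one,
 * so a backdoored or failing RDRAND cannot weaken the OS value it is mixed with.
 * *source names what actually contributed. Returns 0 only if both sources failed. */
int random_u64(uint64_t *out, const char **source)
{
    uint64_t os = 0, hw = 0;
    int have_os = os_random_u64(&os);
    int have_hw = rdrand64_retry(&hw);
    if (!have_os && !have_hw)
        return 0;
    *out = os ^ hw;
    *source = have_os ? (have_hw ? "urandom+rdrand" : "urandom") : "rdrand";
    return 1;
}

int main(void)
{
    uint64_t v;
    const char *src;
    printf("rdrand supported: %d\n", rdrand_supported());
    if (random_u64(&v, &src))
        printf("%s: 0x%016llx\n", src, (unsigned long long)v);
    return 0;
}
```

Build with `cc -O2 rdrand_mix.c` (file name assumed); no -mrdrnd is required because only rdrand64_once() is compiled for that target, and it is never reached unless CPUID said the instruction is present. Note that RDRAND's status flag is the only signal the instruction gives, so a loop that ignores the intrinsic's return value silently consumes garbage when the DRNG is temporarily drained.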