php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27052 rand() returns easily predictable numbers
Submitted: 2004-01-26 15:53 UTC Modified: 2004-01-27 05:07 UTC
From: webmaster at armondc dot com Assigned:
Status: Not a bug Package: Math related
PHP Version: 4.3.5RC2-dev OS: Windows 2000 Professional
Private report: No CVE-ID: None
 [2004-01-26 15:53 UTC] webmaster at armondc dot com
Description:
------------
I'm not sure if this is a very major problem, or even a bug, but here goes:

It seems rand() on Windows is very predictable.

I've tried it on 2 Windows Systems, and they were both predictable.  It showed a breif unpredictable segment, then followed by the same string of characters over and over, and finally a few more unpredictable characters.

I tried this on a FreeBSD 5.2 System, and it was unpreditable enough.  Seems to be a windows-only problem.

I also noticed bug#11108 - It seems similar, but the submitter was using his own seeds, and I am using without.

Reproduce code:
---------------
<?php
// This will reproduce the problem
// on windows
for($x = 0; $x < 500; $x++) {
  echo chr((rand()%32)+65);
} 

// This is a quick-fix, but
// goes agaist the documentation's
// 'no need for srand()'
for($x = 0; $x < 500; $x++) {
	srand(hexdec(substr(md5(microtime()), 0, 8)));
	echo chr((rand()%32)+65);
}

?>

Expected result:
----------------
Something a bit random like:

HEOSITFS[ZYH_EVIVVXSLCWRHHC_]_L^PIBTC\TXPBWQLCM^VZSU`UHOG[\VF[KCDGFZM^Q\IG^KAIYPIYBSBIMGHXIBMPHLY\OAZMYAZPJ_`D`F\X\QXR[GP]DQLRHMYIOERBMEKBDJMJPN]J\\KPES^EGRKKO^S[`XL\SSHQXOYQU_JDMM`ZEUEOQOYMHJPYDTRRU_URHYJGXRQYDYADD]OBVUGC^GGSXPRJJAOAKRAYYN^Q\`XFQJNOWQKAJBFONFXNDZFFIMYRL`ROH^]IM_MINJI\MJJAVG`]_B_EAV`C\O_\DHCHLX_NIO`U^KMJF\`K]VZDOZ_FAWCZC_IQK^[NTPZCC]XEFZ[`\AG[PV^XLPRYVAS]ZPH`^WAXYAZYGK_M_QK`F]PRMP^BBPTRV^KV_VDOLFIM]WQNHVF^DYWGGSGLJ_ZMODG[Z_AAXBYD^FS\MITLZESC`DXLH]NWNIVWZZMVMSXFQMG[O[W[YSPVMTQLHD

Actual result:
--------------
An easily spotted pattern:

]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-01-26 15:56 UTC] webmaster at armondc dot com
On the "actual result" its not as easily spotted without wrapping.  This should give a better picture:

]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\
 [2004-01-26 19:04 UTC] sniper@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Some rand() related bugs have already been fixed..

 [2004-01-26 20:03 UTC] webmaster at armondc dot com
I tried it on 4.3.5RC2-dev, and it's still relativly the same.  The pattern is slightly different, but is still as predictable as before.
 [2004-01-26 20:06 UTC] sniper@php.net
RTFM:

Note:  On some platforms (such as Windows) RAND_MAX  is only 32768. If you require a range larger than 32768, consider using mt_rand() instead.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 05:01:30 2024 UTC