PHP :: Bug #27052 :: rand() returns easily predictable numbers

Bug #27052	rand() returns easily predictable numbers
Submitted:	2004-01-26 15:53 UTC	Modified:	2004-01-27 05:07 UTC
From:	webmaster at armondc dot com	Assigned:
Status:	Not a bug	Package:	Math related
PHP Version:	4.3.5RC2-dev	OS:	Windows 2000 Professional
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	webmaster at armondc dot com
New email:
PHP Version:		OS:

New Comment:

[2004-01-26 15:53 UTC] webmaster at armondc dot com

Description:
------------
I'm not sure if this is a very major problem, or even a bug, but here goes:

It seems rand() on Windows is very predictable.

I've tried it on 2 Windows Systems, and they were both predictable.  It showed a breif unpredictable segment, then followed by the same string of characters over and over, and finally a few more unpredictable characters.

I tried this on a FreeBSD 5.2 System, and it was unpreditable enough.  Seems to be a windows-only problem.

I also noticed bug#11108 - It seems similar, but the submitter was using his own seeds, and I am using without.

Reproduce code:
---------------
<?php
// This will reproduce the problem
// on windows
for($x = 0; $x < 500; $x++) {
  echo chr((rand()%32)+65);
} 

// This is a quick-fix, but
// goes agaist the documentation's
// 'no need for srand()'
for($x = 0; $x < 500; $x++) {
	srand(hexdec(substr(md5(microtime()), 0, 8)));
	echo chr((rand()%32)+65);
}

?>

Expected result:
----------------
Something a bit random like:

HEOSITFS[ZYH_EVIVVXSLCWRHHC_]_L^PIBTC\TXPBWQLCM^VZSU`UHOG[\VF[KCDGFZM^Q\IG^KAIYPIYBSBIMGHXIBMPHLY\OAZMYAZPJ_`D`F\X\QXR[GP]DQLRHMYIOERBMEKBDJMJPN]J\\KPES^EGRKKO^S[`XL\SSHQXOYQU_JDMM`ZEUEOQOYMHJPYDTRRU_URHYJGXRQYDYADD]OBVUGC^GGSXPRJJAOAKRAYYN^Q\`XFQJNOWQKAJBFONFXNDZFFIMYRL`ROH^]IM_MINJI\MJJAVG`]_B_EAV`C\O_\DHCHLX_NIO`U^KMJF\`K]VZDOZ_FAWCZC_IQK^[NTPZCC]XEFZ[`\AG[PV^XLPRYVAS]ZPH`^WAXYAZYGK_M_QK`F]PRMP^BBPTRV^KV_VDOLFIM]WQNHVF^DYWGGSGLJ_ZMODG[Z_AAXBYD^FS\MITLZESC`DXLH]NWNIVWZZMVMSXFQMG[O[W[YSPVMTQLHD

Actual result:
--------------
An easily spotted pattern:

]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2004-01-26 15:56 UTC] webmaster at armondc dot com

On the "actual result" its not as easily spotted without wrapping.  This should give a better picture:

]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F
[LIBGHU^SDAZ_`MVK\YRWXENCTQJOP]F[LIBGHU^SDAZ_`MVK\

[2004-01-26 19:04 UTC] sniper@php.net

Please try using this CVS snapshot:

  http://snaps.php.net/php4-STABLE-latest.tar.gz
 
For Windows:
 
  http://snaps.php.net/win32/php4-win32-STABLE-latest.zip

Some rand() related bugs have already been fixed..

[2004-01-26 20:03 UTC] webmaster at armondc dot com

I tried it on 4.3.5RC2-dev, and it's still relativly the same.  The pattern is slightly different, but is still as predictable as before.

[2004-01-26 20:06 UTC] sniper@php.net

RTFM:

Note:  On some platforms (such as Windows) RAND_MAX  is only 32768. If you require a range larger than 32768, consider using mt_rand() instead.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Apr 24 14:01:30 2024 UTC