Request #61394 Provide secure drop-in replacement for mt_rand()
Submitted: 2012-03-15 02:00 UTC Modified: 2016-07-30 14:03 UTC
Votes: 2
Avg. Score: 5.0 ± 0.0
Reproduced: 1 of 1 (100.0%)
Same Version: 0 (0.0%)
Same OS: 0 (0.0%)
From: tstarling@php.net Assigned: nikic (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 5.4SVN-2012-03-15 (SVN) OS:
Private report: No CVE-ID: None
 [2012-03-15 02:00 UTC] tstarling@php.net
Description:
------------
mt_rand() is insecure, but people keep using it for security-sensitive purposes anyway, because:

* The interface is more familiar than functions that return binary strings, like openssl_random_pseudo_bytes() and mcrypt_create_iv(). Legacy code uses rand() or mt_rand(). 
* openssl_random_pseudo_bytes() and mcrypt_generate_iv() are not available on every platform, so mt_rand() is a simple alternative for a developer of distributed software.

I propose adding a function to ext/standard which has the same parameters and return value type as mt_rand(), but uses a secure random source. In particular, I think the random number generation method used by mcrypt_generate_iv(..., MCRYPT_DEV_URANDOM) is most appropriate. It is fast and works on virtually every platform supported by PHP without external library dependencies.

Like mcrypt_generate_iv(), the new function could raise a warning and return false if /dev/urandom cannot be opened. The application can then decide based on its security policies whether it wishes to fall back to mt_rand() or abort the transaction.

The function could be called os_rand(), like Python's os.urandom(), or secure_rand() or rand_s(), like in the Windows CRT security extension.


History

 [2012-03-15 07:16 UTC] pajoye@php.net
Hi Tim,

The needs are definitely here.

Some comments/questions for the record here:

Which platforms do not have openssl_random_pseudo_bytes?

mcrypt_generate_iv relies on an external library as it is enabled only if mcrypt is available, sadly. However one could emulate it or enforce good configuration by checking and using the session.entropy_file which should be set to urandom or equivalent.

Also it is important to say that URANDOM is not crypto safe. So depending on the usages, it is not thought to be used for security sensitive purposes. However it could be enough for one time password and related usages.
 [2012-03-15 11:11 UTC] tstarling@php.net
Sorry, by platform I meant server. It is available for every platform but it is not installed by default.

mcrypt_generate_iv() does not rely on libmcrypt, the implementation just happens to be inside the mcrypt extension. In r300273 and r300289 you factored out the Windows part of mcrypt_generate_iv() into php_win32_get_random_bytes(), so that it would be available for other extensions. I'm saying it would be nice if you could factor out the rest of it too, and then provide an easy-to-use interface to the urandom/CryptGenRandom source in ext/standard.
 [2016-07-30 14:03 UTC] nikic@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: nikic
 [2016-07-30 14:03 UTC] nikic@php.net
PHP 7.0 introduced random_bytes() and random_int(), which should resolve this FR.
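The proposal from the description, carried out in PHP as an added example that is neither the reporter's code nor PHP's own: os_rand() is the name suggested in the report, a Unix-like host with /dev/urandom is assumed (the Windows CryptGenRandom path is left out), and the rejection sampling that keeps the result uniform is a detail the report does not spell out.

```php
<?php
// Added example of the report's proposal, not PHP's own code. os_rand() is the
// name the report suggests; a Unix-like host with /dev/urandom is assumed
// (the Windows CryptGenRandom path is left out).

/**
 * mt_rand()-compatible: uniform integer in [$min, $max] from /dev/urandom.
 * Like mcrypt_create_iv(..., MCRYPT_DEV_URANDOM) it warns and returns false
 * when the device cannot be opened, leaving fallback-or-abort to the caller.
 */
function os_rand(int $min = 0, int $max = PHP_INT_MAX)
{
    $range = $max - $min;                 // width of the interval
    if ($min > $max || !is_int($range)) { // a float here means int overflow
        trigger_error('os_rand(): invalid range', E_USER_WARNING);
        return false;
    }
    if ($range === 0) {
        return $min;
    }
    $fp = @fopen('/dev/urandom', 'rb');
    if ($fp === false) {
        trigger_error('os_rand(): cannot open /dev/urandom', E_USER_WARNING);
        return false;
    }
    // Smallest all-ones mask covering $range; masking then retrying values
    // above $range (rejection sampling) avoids the bias of $raw % ($range+1).
    $mask = $range;
    for ($shift = 1; $shift < PHP_INT_SIZE * 8; $shift <<= 1) {
        $mask |= $mask >> $shift;
    }
    do {
        $chunk = fread($fp, PHP_INT_SIZE);
        if ($chunk === false || strlen($chunk) !== PHP_INT_SIZE) {
            fclose($fp);
            trigger_error('os_rand(): short read from /dev/urandom', E_USER_WARNING);
            return false;
        }
        // 'J' = unsigned 64-bit big-endian, 'N' = unsigned 32-bit; ANDing with
        // the non-negative mask also drops the sign bit of PHP's signed int.
        $raw = unpack(PHP_INT_SIZE === 8 ? 'J' : 'N', $chunk)[1] & $mask;
    } while ($raw > $range);
    fclose($fp);
    return $min + $raw;
}

// Usage: the caller applies its own policy when the source is unavailable.
$n = os_rand(1, 6);
if ($n === false) { die('no secure random source; refusing to continue'); }
```

On PHP 7.0 and later, random_int($min, $max) is the built-in equivalent referred to in the closing comment; it throws an Exception instead of returning false when no secure source is available.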