Request #67795 PHP lacks a modern RNG
Submitted: 2014-08-06 08:06 UTC Modified: 2016-08-31 19:55 UTC
Votes:4
Avg. Score:3.8 ± 0.8
Reproduced:0 of 0 (0.0%)
From: ryacko at gmail dot com Assigned:
Status: Open Package: Math related
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
 [2014-08-06 08:06 UTC] ryacko at gmail dot com
Description:
------------
Modern RNGs are very fast and have better distribution. The Mersenne Twister has weak seeds, as well as a small seed state.

Several good pseudo random number generators include:
- http://www.iro.umontreal.ca/~panneton/WELLRNG.html (superior equidistribution)
- ChaCha4 (on some chips it has less than a cycle per byte)
- 128-bit AES counter (on chips with AES instruction, it could very well reach 3 gigabytes per second)
- http://www.math.sci.hiroshima-u.ac.jp/~%20m-mat/MT/SFMT/index.html Mersenne Twister SIMD, 4 times faster

I suggest ChaCha4 or 128-bit AES counter since with either of those one could include stream position in the function.

I suggest the following functions:
b_srand( [, $get_additional_entropy] ) it automatically seeds using an md5 hash of the time. Also includes an option to get additional entropy in the same fashion that session.entropy_length gets entropy.
b_rand( int $min , int $max, [, int $stream_position] )


History

 [2014-08-06 09:47 UTC] ryacko at gmail dot com
Modern RNGs are very fast and have better distribution. The Mersenne Twister has weak seeds, as well as a small seed state.

Several good pseudo random number generators include:
- http://www.iro.umontreal.ca/~panneton/WELLRNG.html (superior equidistribution)
- ChaCha4 (on some chips it has less than a cycle per byte)
- 128-bit AES counter (on chips with AES instruction, it could very well reach 3 gigabytes per second)
- http://www.math.sci.hiroshima-u.ac.jp/~%20m-mat/MT/SFMT/index.html Mersenne Twister SIMD, 4 times faster

I suggest ChaCha4 or 128-bit AES counter since with either of those one could include stream position in the function.

I suggest the following functions:
b_srand( string $seed [, $get_additional_entropy] ) it automatically seeds using an md5 hash of the time. Also includes an option to get additional entropy in the same fashion that session.entropy_length gets entropy.
b_rand( int $min , int $max, [, int $stream_position] )

An obvious use would be a procedurally generated browser game.
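
An added example, not part of the original report and not a PHP API: a counter-mode generator in which the stream position is placed in the AES-128-CTR counter block, so the value at any position can be computed without generating the ones before it. The function names, the SHA-256 key derivation and the counter layout are assumptions, and the code expects 64-bit PHP with the openssl extension.

```php
<?php
// Added illustration. b_srand_demo() and b_rand_demo() are hypothetical names
// modelled on the functions proposed in this request; they are not part of PHP.

function b_srand_demo(string $seed): string
{
    // Assumption: derive the 128-bit AES key from the seed string with SHA-256.
    return substr(hash('sha256', $seed, true), 0, 16);
}

function b_rand_demo(string $key, int $min, int $max, int $streamPosition): int
{
    $span = $max - $min + 1; // number of possible outputs (float on overflow)
    if ($min > $max || $streamPosition < 0 || !is_int($span) || $span > 0x100000000) {
        throw new InvalidArgumentException('unsupported range or stream position');
    }
    // Largest multiple of $span that fits in 32 bits; words at or above it are
    // rejected so that the final modulo does not favour small values.
    $limit = intdiv(0x100000000, $span) * $span;

    for ($attempt = 0; ; $attempt++) {
        // Counter block = 64-bit position || 64-bit attempt number. Every
        // position owns its own sub-stream, so rejections at one position
        // never shift the values seen at another.
        $iv = pack('J', $streamPosition) . pack('J', $attempt);
        $block = openssl_encrypt(str_repeat("\0", 16), 'aes-128-ctr', $key,
                                 OPENSSL_RAW_DATA, $iv);
        if ($block === false) {
            throw new RuntimeException('AES-128-CTR is not available');
        }
        // One AES block yields four big-endian 32-bit candidate words.
        foreach (unpack('N4', $block) as $word) {
            if ($word < $limit) {
                return $min + $word % $span;
            }
        }
    }
}

// Constructed seed and positions, e.g. tile indices in a generated map.
$key = b_srand_demo('world-1234');
foreach ([0, 1, 1000000] as $pos) {
    printf("position %d -> %d\n", $pos, b_rand_demo($key, 1, 6, $pos));
}
// Asking for the same position again reproduces the same value.
var_dump(b_rand_demo($key, 1, 6, 1000000) === b_rand_demo($key, 1, 6, 1000000));
```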
 [2014-08-06 10:03 UTC] ryacko at gmail dot com
https://www.cisuc.uc.pt/publication/show/2676 Forgot to mention Tyche.
 [2014-08-14 05:23 UTC] levim@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: levim
 [2014-08-14 05:23 UTC] levim@php.net
Ironically, this was fixed long ago but the bug has reoccurred now that we are using Google.
 [2014-08-14 05:23 UTC] levim@php.net
-Status: Verified +Status: Open
 [2014-08-14 05:23 UTC] levim@php.net
Oops, I somehow responded on the wrong tab. My apologies!
 [2015-02-09 00:24 UTC] levim@php.net
-Assigned To: levim +Assigned To:
 [2016-08-31 19:55 UTC] cmb@php.net
-Type: Bug +Type: Feature/Change Request
 
Last updated: Tue Sep 18 21:01:27 2018 UTC