Doc Bug #81384 Secureness of GMP random functions undocumented
Submitted: 2021-08-26 09:12 UTC Modified: 2021-08-26 10:33 UTC
From: michelbach94 at gmail dot com Assigned:
Status: Verified Package: GNU MP related
PHP Version: 8.0.9 OS: any
Private report: No CVE-ID: None
 [2021-08-26 09:12 UTC] michelbach94 at gmail dot com
Usually, the documentation of PHP functions that return randomness says whether the respective function is cryptographically secure. However, this is not the case with the GMP randomness functions gmp_random_bits() and gmp_random_range() (nor with the deprecated gmp_random()).

From a Google search, I found that these functions are not cryptographically secure sources of randomness ( This should be added to the documentation as PHP's GMP implementation being able to handle large numbers is very welcoming to the implementation of cryptographic primitives.


 [2021-08-26 10:33 UTC]
-Status: Open +Status: Verified
 [2021-08-26 10:33 UTC]
gmp_random_bits(), gmp_random() and gmp_random_range() call
mpz_urandomb() and mpz_urandomm(), respectively, internally, and
these names suggest that urandom is used as source of randomness,
but this is not explicitly documented[1], so possibly that "u"
just refers to the uniform distribution.

So, yes, if in doubt don't use these numbers for cryptographic

[1] <>
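
A CSPRNG-backed alternative to gmp_random_bits() and gmp_random_range(), as an added example that is not part of this bug thread or of ext/gmp. The helper names csprng_gmp_bits() and csprng_gmp_range() are hypothetical; the bytes come from PHP's random_bytes(), which is documented as cryptographically secure, and are converted to a GMP number with gmp_import().

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of ext/gmp): uniform integer in [0, 2^$bits - 1],
// built from CSPRNG bytes instead of GMP's own random state.
function csprng_gmp_bits(int $bits): GMP
{
    if ($bits < 1) {
        throw new ValueError('bits must be >= 1');
    }
    $bytes  = intdiv($bits + 7, 8);
    $raw    = random_bytes($bytes);
    // Clear the surplus high bits of the most significant byte so the
    // result never exceeds $bits bits.
    $excess = $bytes * 8 - $bits;
    $raw[0] = chr(ord($raw[0]) & (0xFF >> $excess));
    return gmp_import($raw, 1, GMP_MSW_FIRST | GMP_BIG_ENDIAN);
}

// Hypothetical helper (not part of ext/gmp): uniform integer in [$min, $max].
// Rejection sampling avoids the modulo bias that "random % span" would add.
function csprng_gmp_range(GMP $min, GMP $max): GMP
{
    if (gmp_cmp($min, $max) > 0) {
        throw new ValueError('min must not be greater than max');
    }
    $span = gmp_sub($max, $min);            // candidates are 0..$span
    if (gmp_cmp($span, 0) === 0) {
        return $min;                        // only one possible value
    }
    $bits = strlen(gmp_strval($span, 2));   // bit length of $span
    do {
        $candidate = csprng_gmp_bits($bits);
    } while (gmp_cmp($candidate, $span) > 0); // expected < 2 iterations
    return gmp_add($min, $candidate);
}

// Constructed sample input: a 256-bit range and a small range.
$top = gmp_sub(gmp_pow(2, 256), 1);
echo gmp_strval(csprng_gmp_range(gmp_init(0), $top), 16), PHP_EOL;
echo gmp_strval(csprng_gmp_range(gmp_init(10), gmp_init(20))), PHP_EOL;
```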
Last updated: Sat Dec 04 18:03:34 2021 UTC