Differences

This shows you the differences between two versions of the page.

--- rfc:rng_fixes [2016/06/16 18:48] – leigh
+++ rfc:rng_fixes [2016/07/07 10:24] – leigh
@@ Line 19: / Line 19: @@
 ===== Proposal =====
-There are several proposals up for discussion that I hope to fine-tune, improve upon or eliminate completely during the discussion phase. The proposals are:
+There are several proposals up for discussion.
-  * Replace mt_rand() and rand() to a strong, modern RNG.
+  * Fix the current mt_rand() implementation, with the legacy implementation still available.
-  * Alternatively, fix the current mt_rand() implementation.
   * Alias rand() to mt_rand().
   * Fix RAND_RANGE for large ranges.
   * Replace insecure uses of php_rand() with php_random_bytes()
   * Make array_rand() more efficient
-== Replace mt_rand() and rand() to a strong, modern RNG. ==
-Most of the identified issues can be addressed by replacing the implementations of <php>mt_rand()</php> and <php>rand()</php> with a more modern random number generator such as ([[http://xoroshiro.di.unimi.it/|Xoroshiro128+]]) or ([[http://www.pcg-random.org/|PCG]])
-As we currently recommend using <php>mt_rand()</php> over <php>rand()</php> it doesn't make sense to only replace the implementation of <php>rand()</php> with a stronger RNG.
-This change would alter the output streams of both functions, however it fixes:
-  * Incorrect implementation of <php>mt_rand()</php> (with documentation to say it is no longer <php>mt_rand()</php>)
-  * Platform-specific outputs
-  * Poor scaling of bounded outputs
-This would also give a performance benefit to heavy users of the functions, as <php>mt_rand()</php> is very slow.
 == Fix mt_rand() implementation ==
 The implementation of <php>mt_rand()</php> in PHP contains a typo that makes it generate a different sequence of numbers to the original mt19937 implementation. [[https://bugs.php.net/bug.php?id=71152|See bug #71152]]
-It is not known if the period of the RNG is negatively affected due to this typo, although statistical analysis suggests that the quality of the output is unaffected.
+[[https://gist.github.com/tom--/a12175047578b3ae9ef8|Statistical analysis]] suggests that the quality of the output is unaffected.
 As <php>mt_rand()</php> can be seeded for repeatable sequences the current implementation makes it incompatible with other systems that do use correct implementations. However fixing it also means that the sequence generated for a given seed in PHP will also now be different.
+The legacy implementation will be preserved and be selectable with a new `mt_rand_mode(int $mode)` function, along with new constants representing the two modes.
 == Alias rand() to mt_rand() ==
@@ Line 63: / Line 51: @@
   * <php>crypt()</php> salt generation
   * SOAP HTTP auth nonce generation
-  * <php>mcrypt_create_iv()</php> fallback with invalid source.
 These instances should all be fixed to use the secure random number generator (even mcrypt which is deprecated)
@@ Line 79: / Line 66: @@
   * <php>str_shuffle()</php>
   * <php>crypt()</php>
-  * <php>mcrypt_create_iv()</php>
 ===== Proposed PHP Version(s) =====
@@ Line 95: / Line 81: @@
 ==== New Constants ====
-None
+MT_RAND_MT19937 (correct implementation mode)
+MT_RAND_PHP (unofficial implementation mode)
 ===== Open Issues =====
@@ Line 104: / Line 91: @@
 ===== Patches and Tests =====
-WIP - I will release a patch after a week or so of discussion has taken place when there is a better idea of which proposals are wanted.
+https://github.com/php/php-src/pull/1986
 ===== Implementation =====
 ===== References =====

Differences

Page Tools