PHP RFC: Use php_mt_rand() instead of php_rand()

• Version: 0.9
• Date Created: 2014-07-17
• Author: Yasuo Ohgaki, yohgaki@php.net
• Status: Withdrawn
• First Published at: http://wiki.php.net/rfc/use-php_mt_rand

https://wiki.php.net/rfc/rng_fixes tooke care of this RFC. Withdrawn.

Both php_rand() and php_mt_rand() internal function provides pseudo random numbers. php_rand() uses system random function which has less randomness compare to MT rand. There are few places that use php_rand() currently.

• http://lxr.php.net/search?q=php_rand&defs=&refs=&path=&hist=&project=PHP_5_5

These functions could use php_mt_rand() instead of php_rand() to improve randomness.

• Most system uses random() function that has cycle of 16 * ((2^31) - 1)
• MT rand has cycle of 2^19937-1 which is much larger than random().

1. Add automatic seeding to php_mt_rand() like php_rand() currently is.
2. Use php_mt_rand() where php_rand() is used.
3. Add 64 bit MT rand for 64 bit platforms. http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt64.html
4. Use php_mt_rand()/php_mt_srand() for rand()/srand() PHP function.
5. Rename rand()/srand() to rand_XXX()/srand_XXX() - name is TBD.

Note: rand() (or rand_XXX) uses php_rand(), NOT php_mt_rand().

Game that expects the same pseudo random sequences. These apps may use mt_srand() to get fixed random sequences and adjust their apps if it is needed.

64 bit platforms get different pseudo random sequences.

• PHP 5.x+

None

Standard module

• shuffle http://jp1.php.net/manual/en/function.shuffle.php
• array_rand http://jp1.php.net/manual/en/function.array-rand.php
• str_shuffle http://jp1.php.net/manual/en/function.str-shuffle.php
• password_hash http://jp1.php.net/manual/en/function.password-hash.php (Used to generate salt)
• rand http://jp1.php.net/manual/en/function.rand.php

Mcrypt

• mcrypt_create_iv() http://jp1.php.net/manual/en/function.mcrypt-create-iv.php (When true RNG is not used)

None

None

If there are any php.ini settings then list:

• hardcoded default values
• php.ini-development values
• php.ini-production values

None.

Determine rand() rename candidate.

php_rand()/php_srand() remains. Therefore, modules that are using them are not affected.

None.

VOTE: 2014/XX/XX - 2014/XX/XX

If you agree to apply stronger pseudo random number, please vote 'yes'.

If you would like to have MT rand for rand() function, please vote 'yes'.

Please choose 'yes' or 'no' even if you vote 'no' for previous.

Thank you for voting!

State whether this project requires a 2/3 or 50%+1 majority (see voting)

TBD

After the project is implemented, this section should contain

1. the version(s) it was merged to
2. a link to the git commit(s)
3. a link to the PHP manual entry for the feature

Links to external references, discussions or RFCs

• https://bugs.php.net/bug.php?id=66718
• http://lxr.php.net/search?q=php_rand&defs=&refs=&path=&hist=&project=PHP_5_5

Keep this updated with features that were discussed on the mail lists.