PHP RFC: Use php_mt_rand() instead of php_rand()
- Version: 0.9
- Date Created: 2014-07-17
- Author: Yasuo Ohgaki, firstname.lastname@example.org
- Status: Withdrawn
- First Published at: http://wiki.php.net/rfc/use-php_mt_rand
https://wiki.php.net/rfc/rng_fixes tooke care of this RFC. Withdrawn.
Both php_rand() and php_mt_rand() internal function provides pseudo random numbers. php_rand() uses system random function which has less randomness compare to MT rand. There are few places that use php_rand() currently.
These functions could use php_mt_rand() instead of php_rand() to improve randomness.
- Most system uses random() function that has cycle of 16 * ((2^31) - 1)
- MT rand has cycle of 2^19937-1 which is much larger than random().
- Add automatic seeding to php_mt_rand() like php_rand() currently is.
- Use php_mt_rand() where php_rand() is used.
- Add 64 bit MT rand for 64 bit platforms. http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/emt64.html
- Use php_mt_rand()/php_mt_srand() for rand()/srand() PHP function.
- Rename rand()/srand() to rand_XXX()/srand_XXX() - name is TBD.
Note: rand() (or rand_XXX) uses php_rand(), NOT php_mt_rand().
Backward Incompatible Changes
Game that expects the same pseudo random sequences. These apps may use mt_srand() to get fixed random sequences and adjust their apps if it is needed.
64 bit platforms get different pseudo random sequences.
Proposed PHP Version(s)
- PHP 5.x+
To Existing Extensions
- password_hash http://jp1.php.net/manual/en/function.password-hash.php (Used to generate salt)
- mcrypt_create_iv() http://jp1.php.net/manual/en/function.mcrypt-create-iv.php (When true RNG is not used)
If there are any php.ini settings then list:
- hardcoded default values
- php.ini-development values
- php.ini-production values
Determine rand() rename candidate.
Unaffected PHP Functionality
php_rand()/php_srand() remains. Therefore, modules that are using them are not affected.
Proposed Voting Choices
VOTE: 2014/XX/XX - 2014/XX/XX
If you agree to apply stronger pseudo random number, please vote 'yes'.
If you would like to have MT rand for rand() function, please vote 'yes'.
Please choose 'yes' or 'no' even if you vote 'no' for previous.
Thank you for voting!
State whether this project requires a 2/3 or 50%+1 majority (see voting)
Patches and Tests
After the project is implemented, this section should contain
- the version(s) it was merged to
- a link to the git commit(s)
- a link to the PHP manual entry for the feature
Links to external references, discussions or RFCs
Keep this updated with features that were discussed on the mail lists.