To reiterate the message about *not* using mt_rand() for anything security related, here's a new tool that has been just posted that recovers the seed value given a single mt_rand() output:
http://www.openwall.com/php_mt_seed/README
(PHP 4, PHP 5, PHP 7, PHP 8)
mt_rand — Generate a random value via the Mersenne Twister Random Number Generator
Many random number generators of older libcs have dubious or unknown characteristics and are slow. The mt_rand() function is a drop-in replacement for the older rand(). It uses a random number generator with known characteristics using the » Mersenne Twister, which will produce random numbers four times faster than what the average libc rand() provides.
If called without the optional min
,
max
arguments mt_rand()
returns a pseudo-random value between 0 and
mt_getrandmax(). If you want a random number
between 5 and 15 (inclusive), for example, use mt_rand(5,
15)
.
Questa funzione non genera valori crittograficamente sicuri, e non dovrebbe essere usata per scopi di crittografia. Se c'è necessità di utilizzare un valore crittograficamente sicuro, si preferisca openssl_random_pseudo_bytes().
min
Optional lowest value to be returned (default: 0)
max
Optional highest value to be returned (default: mt_getrandmax())
A random integer value between min
(or 0)
and max
(or mt_getrandmax(), inclusive),
or false
if max
is less than min
.
Versione | Descrizione |
---|---|
7.2.0 | mt_rand() has received a bug fix for a modulo bias bug. This means that sequences generated with a specific seed may differ from PHP 7.1 on 64-bit machines. |
7.1.0 | rand() has been made an alias of mt_rand(). |
7.1.0 |
mt_rand() has been updated to use the fixed, correct, version of
the Mersenne Twister algorithm. To fall back to the old behaviour, use mt_srand() with MT_RAND_PHP as the second parameter.
|
Example #1 mt_rand() example
<?php
echo mt_rand(), "\n";
echo mt_rand(), "\n";
echo mt_rand(5, 15), "\n";
?>
Il precedente esempio visualizzerà qualcosa simile a:
1604716014 1478613278 6
min
max
range must
be within the range mt_getrandmax(). i.e. (max
-
min
) <= mt_getrandmax()
Otherwise, mt_rand() may return poorer random numbers
than it should.
To reiterate the message about *not* using mt_rand() for anything security related, here's a new tool that has been just posted that recovers the seed value given a single mt_rand() output:
http://www.openwall.com/php_mt_seed/README
To see some systematic deviations from a universal distribution run:
<?php
$alfabet = str_split('ADHKLMNPSTUWX');
$countalfabet = count($alfabet)-1;
$code = array_fill_keys($alfabet, 0);
for ($L=0; $L<80*$countalfabet; $L++)
{
$lettr = floor(mt_rand ( 0, $countalfabet ));
$code[$alfabet[$lettr]]++;
}
foreach($code as $L => $Freq)
{
for($F=0; $F<$Freq; $F++)
{
echo $L;
}
echo "\n<br/>";
}
?>
The seed is the PID + LCG (https://github.com/php/php-src/search?q=GENERATE_SEED&unscoped_q=GENERATE_SEED)