To reiterate the message about *not* using mt_rand() for anything security related, here's a new tool that has been just posted that recovers the seed value given a single mt_rand() output:
http://www.openwall.com/php_mt_seed/README
(PHP 4, PHP 5, PHP 7, PHP 8)
mt_rand — Generate a random value via the Mersenne Twister Random Number Generator
Many random number generators of older libcs have dubious or unknown characteristics and are slow. The mt_rand() function is a drop-in replacement for the older rand(). It uses a random number generator with known characteristics using the Mersenne Twister, which will produce random numbers four times faster than what the average libc rand() provides.
If called without the optional min, max arguments mt_rand() returns a pseudo-random value between 0 and mt_getrandmax(). If you want a random number between 5 and 15 (inclusive), for example, use mt_rand(5, 15).
This function does not generate cryptographically secure values, and must not be used for cryptographic purposes or for purposes that require the returned values to be unguessable.
If cryptographically secure randomness is required, the Random\Randomizer class may be used with the Random\Engine\Secure engine. For simple use cases, the random_int() and random_bytes() functions provide a convenient and secure interface backed by the operating system's CSPRNG.
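The warning above in practice, as an added example that is not part of the PHP manual: a code generator built on mt_rand() reproduces its output whenever the seed is known, while the random_int() version does not. The alphabet, the function names weakCode() and strongCode(), and the seed value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed 13-letter alphabet for a hypothetical voucher-code generator.
const ALPHABET = 'ADHKLMNPSTUWX';

// Weak: every character comes from mt_rand(), so the whole code is a
// deterministic function of the Mersenne Twister seed.
function weakCode(int $length): string
{
    $out = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[mt_rand(0, $max)];
    }
    return $out;
}

// Hardened: random_int() draws from the operating system's CSPRNG.
// It has no seed to recover and is unaffected by mt_srand().
function strongCode(int $length): string
{
    $out = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, $max)];
    }
    return $out;
}

// Same seed, same code: anyone who learns the seed can regenerate the "secret".
mt_srand(20240101); // constructed seed value
$first = weakCode(12);
mt_srand(20240101);
$second = weakCode(12);
echo "mt_rand repeat matches:    ", var_export($first === $second, true), "\n";

// Reseeding does not make random_int() repeat itself.
mt_srand(20240101);
$a = strongCode(12);
mt_srand(20240101);
$b = strongCode(12);
echo "random_int repeat matches: ", var_export($a === $b, true), "\n";

// For opaque tokens (session ids, reset links) skip the alphabet entirely:
// 16 bytes from random_bytes() is 128 bits, printed as 32 hex characters.
echo bin2hex(random_bytes(16)), "\n";
```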
min
Optional lowest value to be returned (default: 0)
max
Optional highest value to be returned (default: mt_getrandmax())
A random integer value between min (or 0) and max (or mt_getrandmax(), inclusive), or false if max is less than min.
Version | Description |
---|---|
7.2.0 | mt_rand() has received a bug fix for a modulo bias bug. This means that sequences generated with a specific seed may differ from PHP 7.1 on 64-bit machines. |
7.1.0 | rand() has been made an alias of mt_rand(). |
7.1.0 | mt_rand() has been updated to use the fixed, correct, version of the Mersenne Twister algorithm. To fall back to the old behaviour, use mt_srand() with MT_RAND_PHP as the second parameter. |
Example 1 mt_rand() example
<?php
echo mt_rand(), "\n";
echo mt_rand(), "\n";
echo mt_rand(5, 15), "\n";
?>
The above example will output something similar to:
1604716014
1478613278
6
The min max range must be within the range mt_getrandmax(), i.e. (max - min) <= mt_getrandmax(). Otherwise, mt_rand() may return poorer random numbers than it should.
To see some systematic deviations from a universal distribution run:
<?php
// Tally how often mt_rand() picks each letter of the alphabet.
$alfabet = str_split('ADHKLMNPSTUWX');
$countalfabet = count($alfabet)-1;
$code = array_fill_keys($alfabet, 0);
for ($L=0; $L<80*$countalfabet; $L++)
{
    $lettr = floor(mt_rand ( 0, $countalfabet ));
    $code[$alfabet[$lettr]]++;
}
// Print one row per letter; the row length is that letter's frequency.
foreach($code as $L => $Freq)
{
    for($F=0; $F<$Freq; $F++)
    {
        echo $L;
    }
    echo "\n<br/>";
}
?>
The seed is the PID + LCG (https://github.com/php/php-src/search?q=GENERATE_SEED&unscoped_q=GENERATE_SEED)