To reiterate the message about *not* using mt_rand() for anything security related, here's a new tool that has been just posted that recovers the seed value given a single mt_rand() output:
http://www.openwall.com/php_mt_seed/README
(PHP 4, PHP 5, PHP 7, PHP 8)
mt_rand — Generate a random value via the Mersenne Twister Random Number Generator
$min, int $max): intMany random number generators of older libcs have dubious or unknown characteristics and are slow. The mt_rand() function is a drop-in replacement for the older rand(). It uses a random number generator with known characteristics using the » Mersenne Twister, which will produce random numbers four times faster than what the average libc rand() provides.
If called without the optional min,
max arguments mt_rand()
returns a pseudo-random value between 0 and
mt_getrandmax(). If you want a random number
between 5 and 15 (inclusive), for example, use mt_rand(5,
15).
Cette fonction ne génère pas de valeurs cryptographiquement sûres, et ne doit pas être utilisée à des fins cryptographiques, ou à des fins qui exigent que les valeurs renvoyées soient indéchiffrables.
Si de l'aléatoire cryptographiquement sûre est requis, le Random\Randomizer peut être utilisé avec le moteur Random\Engine\Secure. Pour des cas d'usage simple, les fonctions random_int() et random_bytes() fournissent une API pratique et sûre qui est qui est soutenu par le CSPRNG du système d'exploitation.
minOptional lowest value to be returned (default: 0)
maxOptional highest value to be returned (default: mt_getrandmax())
A random integer value between min (or 0)
and max (or mt_getrandmax(), inclusive),
or false if max is less than min.
| Version | Description |
|---|---|
| 7.2.0 | mt_rand() has received a bug fix for a modulo bias bug. This means that sequences generated with a specific seed may differ from PHP 7.1 on 64-bit machines. |
| 7.1.0 | rand() has been made an alias of mt_rand(). |
| 7.1.0 |
mt_rand() has been updated to use the fixed, correct, version of
the Mersenne Twister algorithm. To fall back to the old behaviour, use mt_srand() with MT_RAND_PHP as the second parameter.
|
Exemple #1 mt_rand() example
<?php
echo mt_rand() . "\n";
echo mt_rand() . "\n";
echo mt_rand(5, 15);
?>
Résultat de l'exemple ci-dessus est similaire à :
1604716014 1478613278 6
min max range must
be within the range mt_getrandmax(). i.e. (max -
min) <= mt_getrandmax()
Otherwise, mt_rand() may return poorer random numbers
than it should.
To reiterate the message about *not* using mt_rand() for anything security related, here's a new tool that has been just posted that recovers the seed value given a single mt_rand() output:
http://www.openwall.com/php_mt_seed/README
The seed is the PID + LCG (https://github.com/php/php-src/search?q=GENERATE_SEED&unscoped_q=GENERATE_SEED)
To see some systematic deviations from a universal distribution run:
<?php
$alfabet = str_split('ADHKLMNPSTUWX');
$countalfabet = count($alfabet)-1;
$code = array_fill_keys($alfabet, 0);
for ($L=0; $L<80*$countalfabet; $L++)
{
$lettr = floor(mt_rand ( 0, $countalfabet ));
$code[$alfabet[$lettr]]++;
}
foreach($code as $L => $Freq)
{
for($F=0; $F<$Freq; $F++)
{
echo $L;
}
echo "\n<br/>";
}
?>