Making mt_rand() as secure as possible


Question


I am writing a raffle program where people have some tickets, which are marked by natural numbers in the range of 1 to 100 inclusive.

I use mt_rand(1,100) to generate the number of the winning ticket, and then this is outputted to the site, so everyone can see it.

Now I did a little research and found out from the Mersenne wiki article that:

Observing a sufficient number of iterations (624 in the case of MT19937, since this is the size of the state vector from which future iterations are produced) allows one to predict all future iterations.

Is the current version used by mt_rand() MT19937?

If so, what can I do to make my generated numbers more cryptographically secure?

Thanks in advance :-)

Solution

The short answer:

If so, what can I do to make my generated numbers more cryptographically secure?

You can simply use a random number generator suited for this task instead of mt_rand().

When PHP 7 comes out, you can use random_int() in your projects when a cryptographically secure random number generator is needed.

"Okay, great, but PHP 7 isn't out yet. What do I do today?"

Well, you're in luck, you have two good options available to you.

Use RandomLib, or

I've been working on backporting PHP 7's CSPRNG functions into PHP 5 projects. It lives on Github under paragonie/random_compat.

"I don't want to use a library; how do I safely roll my own?"

When it comes to cryptography, rolling your own implementation is usually a poor decision. "Not invented here," is usually a good thing. However, if you're dead set on writing your own PHP library to securely generate random integers or strings, there are a few things to keep in mind:

  1. Use a reliable source of randomness. In order of preference, reading from /dev/urandom should be your first choice, followed by mcrypt_create_iv() with MCRYPT_DEV_URANDOM, followed by reading from CAPICOM (Windows only), and lastly openssl_random_pseudo_bytes().
  2. When reading from /dev/urandom, cache your file descriptors to reduce the overhead of each function invocation.
  3. When reading from /dev/urandom, PHP will always buffer 8192 bytes of data (which, likely, you will not use). Be sure to turn read buffering off (i.e. stream_set_read_buffer($fileHandle, 0);).
  4. Avoid any functions or operations that can leak timing information. This means, generally, you want to use bitwise operators instead of math functions (e.g. log()) or anything involving floats.
  5. Don't use the modulo operator to reduce a random integer to a range. This will result in a biased probability distribution:
  6. A good CSPRNG will not fall back to insecure results. Don't silently just use mt_rand() if no suitable CSPRNG is available; instead, throw an uncaught exception or issue a fatal error. Get the developer's attention immediately.
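The following is an added example, not code from the answer, RandomLib or random_compat, showing how the six points above fit together in a single `secure_random_int()` for the raffle in the question. It assumes a 64-bit PHP build (5.3.3 or later, for `stream_set_read_buffer()`) on a POSIX system that exposes `/dev/urandom`.

```php
<?php
// Added example (not code from the answer, RandomLib or random_compat).
// Assumes a 64-bit PHP >= 5.3.3 build on a POSIX system with /dev/urandom.
function secure_random_int($min, $max)
{
    static $fp = null; // point 2: cache the file descriptor across calls
    if (!is_int($min) || !is_int($max) || $min > $max) {
        throw new InvalidArgumentException('need integers with $min <= $max');
    }
    if ($min === $max) {
        return $min;
    }
    if ($fp === null) {
        $fp = @fopen('/dev/urandom', 'rb'); // point 1: kernel CSPRNG
        if ($fp === false) {
            // point 6: never fall back to mt_rand(); fail loudly instead
            throw new RuntimeException('No CSPRNG available: cannot open /dev/urandom');
        }
        stream_set_read_buffer($fp, 0); // point 3: disable the 8192-byte read buffer
    }
    $range = $max - $min; // largest offset we may add to $min
    if ($range > 0xFFFFFFFF) {
        throw new RangeException('This example only handles ranges up to 2^32 - 1');
    }
    // points 4 and 5: build a bitmask that covers $range using only bitwise
    // operators, then keep drawing until the masked sample lands inside the
    // range (rejection sampling) instead of reducing with the modulo operator
    $mask = $range;
    $mask |= $mask >> 1;
    $mask |= $mask >> 2;
    $mask |= $mask >> 4;
    $mask |= $mask >> 8;
    $mask |= $mask >> 16;
    do {
        $bytes = fread($fp, 4);
        if ($bytes === false || strlen($bytes) !== 4) {
            throw new RuntimeException('Short read from /dev/urandom');
        }
        $sample = unpack('V', $bytes); // unsigned 32-bit, little-endian
        $candidate = $sample[1] & $mask;
    } while ($candidate > $range);
    return $min + $candidate;
}

// The raffle from the question: a winning ticket in 1..100 inclusive
echo 'Winning ticket: ', secure_random_int(1, 100), "\n";
```

Because the mask never exceeds twice the range, each draw is accepted with probability above one half, so the loop terminates quickly while every value in `$min..$max` stays equally likely.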
