How is PHP's mt_rand seeded?


Question

I know PHP's mt_rand() should not be used for security purposes as its results are not cryptographically strong. Yet a lot of PHP code does just that, or uses it as a fallback if better sources of randomness are not available.

So how bad is it? What sources of randomness does mt_rand use for seeding? And are there other security problems with mt_rand for cryptographic applications?

Recommended answer

In PHP 5.4, mt_rand is automatically seeded the first time it's used (PHP source). The seed value is a function of the current timestamp, the PHP process PID and a value produced by PHP's internal LCG. I didn't check the source for previous versions of PHP, but the documentation implies that this seeding algorithm has been in use starting from PHP 5.2.1.

The RNG algorithm behind mt_rand is the Mersenne Twister. It doesn't really make sense to talk about "how bad" it is, because it's clearly documented (not on the PHP docs page, unfortunately) that it is entirely unsuitable for cryptographic applications. If you want crypto-strength randomness, use a documented crypto-strength generator.

Update: You might also want to look at this question from crypto.SE.
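
The contrast the answer draws between mt_rand and a crypto-strength generator, as an added example that is not part of the original answer: a token built from mt_rand is fully determined by the seed, while one built from random_int fails closed instead of falling back. The function names, alphabet and seed value are hypothetical, and PHP 7.0 or later is assumed.

```php
<?php
// Added example, not from the original post. All names are hypothetical.
// Requires PHP 7.0 or later (scalar type hints, random_int).

const ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789';

// Weak: every character comes from mt_rand(), so the whole token is a
// deterministic function of the Mersenne Twister seed.
function weak_token(int $length): string
{
    $alphabet = ALPHABET;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Hardened: random_int() uses the operating system's CSPRNG and throws an
// exception when no secure source is available, so it cannot silently
// fall back to mt_rand().
function strong_token(int $length): string
{
    $alphabet = ALPHABET;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Constructed seed standing in for the value PHP derives on first use.
$seed = 20240101;

mt_srand($seed);
$first = weak_token(32);
mt_srand($seed);
$second = weak_token(32);

echo "mt_rand token, run 1: $first\n";
echo "mt_rand token, run 2: $second\n";
echo 'Same seed gives same token: ', var_export($first === $second, true), "\n";

echo 'random_int token: ', strong_token(32), "\n";
```

When reviewing code, the thing to look for is any secret (session identifier, reset token, API key) whose characters trace back to mt_rand, including fallback branches that only run when a secure source is missing.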
