Nice to meet you, internals. PHP 8.0 has been released. With the inclusion of JIT, PHP is about to be extended beyond the web.
So I'd like to make a few suggestions. First , PHP has the historical Mersenne Twister PRNG. However, this implementation keeps its state in a global and cannot be handled as an object like other languages (e.g. Java). So, I created a PHP Extension and proposed it to PECL. https://marc.info/?l=pecl-dev&m=160795415604102&w=2 https://github.com/zeriyoshi/php-ext-orng But, Then I looked at the mailing list archives and noticed that a similar proposal had been made before. https://externals.io/message/98021#98130 I feel that this suggestion is needed now to expand PHP beyond the web. Second suggestion is to stop using the Combined LCG as the default seed value for each function. PHP's Combined LCG only uses PID (or ZTS Thread ID) and time as entropy. https://github.com/php/php-src/blob/master/ext/standard/lcg.c#L72 With the development of container technology, this problem seems to be getting more serious. So I think we should use the random numbers provided by the OS (getrandom on Linux) if available. I would like to hear your opinions. Regards Go Kudo <zeriyo...@gmail.com>
