Hi
On 8/4/22 10:09, Anton Smirnov wrote:
xoshiro** has a known edge case: all-zero seed
Indeed, good catch. I had that in mind, but forgot about it.
<?php
$engine = new \Random\Engine\Xoshiro256StarStar(str_repeat("\0", 32));
while (true) {
echo hex2bin($engine->generate()), PHP_EOL; // 0000000000000000
}
It should be documented and/or handled
It's only for a string seed, int seed is not affected
I've created a PR here:
https://github.com/php/php-src/pull/9250
I've opted to throw a ValueError in that case, as that's the only safe
option that does not introduce a bias.
The 32xNUL seed basically should only happen for manually written
testing input and not happen otherwise. An actual random seed will
result in 32 NUL bytes with just a 2**-256 chance and when relying on
the implicit CSPRNG seeding (`null` as seed parameter) my PR will just
retry to catch even that edge case.
Best regards
Tim Düsterhus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
