On Thu, 2022-08-04 at 22:32 +0200, Hans Henrik Bergan wrote:
> dangerous to be sure, but it's also a technically valid seed,
> are you sure we should disallow a valid seed?

Reference implementation defines it as invalid:
https://prng.di.unimi.it/xoshiro256starstar.c

Some implementations choose to seed the RNG with 0x0000...0001 but that
kinda introduces bias

> On Thu, 4 Aug 2022 at 20:33, Tim Düsterhus <t...@bastelstu.be> wrote:
> > Hi
> >
> > On 8/4/22 10:09, Anton Smirnov wrote:
> > > xoshiro** has a known edge case: all-zero seed
> >
> > Indeed, good catch. I had that in mind, but forgot about it.
> >
> > > <?php
> > >
> > > $engine = new \Random\Engine\Xoshiro256StarStar(str_repeat("\0", 32));
> > >
> > > while (true) {
> > >     echo bin2hex($engine->generate()), PHP_EOL; // 0000000000000000
> > > }
> > >
> > > It should be documented and/or handled
> > >
> > > It's only for a string seed, int seed is not affected
> > >
> >
> > I've created a PR here:
> >
> > https://github.com/php/php-src/pull/9250
> >
> > I've opted to throw a ValueError in that case, as that's the only safe
> > option that does not introduce a bias.
> >
> > The 32xNUL seed basically should only happen for manually written
> > testing input and not happen otherwise. An actual random seed will
> > result in 32 NUL bytes with just a 2**-256 chance and when relying on
> > the implicit CSPRNG seeding (`null` as seed parameter) my PR will just
> > retry to catch even that edge case.
> >
> > Best regards
> > Tim Düsterhus
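
The edge case discussed in this thread, as an added example in C (not code from php-src or from any participant in the thread): one xoshiro256** step following the public reference algorithm, plus a seeding routine that reports the all-zero seed as invalid instead of producing a generator that never leaves state zero. The names `xoshiro_seed` and `xoshiro_is_stuck` are hypothetical, and reading the 32-byte seed as four little-endian words is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t s[4]; } xoshiro256ss;

static uint64_t rotl(uint64_t x, int k) { return (x << k) | (x >> (64 - k)); }

/* One step of xoshiro256**: only XOR, shift, rotate and multiply,
 * so an all-zero state maps to itself and always outputs 0. */
uint64_t xoshiro_next(xoshiro256ss *g) {
    uint64_t *s = g->s;
    const uint64_t result = rotl(s[1] * 5, 7) * 9;
    const uint64_t t = s[1] << 17;
    s[2] ^= s[0];
    s[3] ^= s[1];
    s[1] ^= s[2];
    s[0] ^= s[3];
    s[2] ^= t;
    s[3] = rotl(s[3], 45);
    return result;
}

/* Hypothetical helper: load a 32-byte seed (little-endian words, assumed).
 * Returns false for the all-zero seed; the caller must then reject or retry. */
bool xoshiro_seed(xoshiro256ss *g, const unsigned char seed[32]) {
    uint64_t acc = 0;
    for (int i = 0; i < 4; i++) {
        uint64_t w = 0;
        for (int j = 7; j >= 0; j--) w = (w << 8) | seed[i * 8 + j];
        g->s[i] = w;
        acc |= w; /* stays 0 only if every seed byte is 0 */
    }
    return acc != 0;
}

/* True if n steps all output 0 and leave the state unchanged (works on a copy). */
bool xoshiro_is_stuck(xoshiro256ss g, int n) {
    const xoshiro256ss before = g;
    for (int i = 0; i < n; i++)
        if (xoshiro_next(&g) != 0) return false;
    return memcmp(&before, &g, sizeof g) == 0;
}

int main(void) {
    unsigned char seed[32] = {0}; /* constructed all-zero seed */
    xoshiro256ss g;
    bool ok = xoshiro_seed(&g, seed);
    printf("accepted=%d stuck=%d\n", ok, xoshiro_is_stuck(g, 1000));
    return 0;
}
```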