On Sun, Mar 15, 2015 at 11:29 AM, Matteo Beccati <p...@beccati.com> wrote:

> On 15/03/2015 04:23, Sammy Kaye Powers wrote:
>
>> A two-week discussion period has been held for the reliable user-land
>> CSPRNG RFC to add `random_bytes()` and `random_int()`. The RFC has now
>> been moved into voting.
>>
>> https://wiki.php.net/rfc/easy_userland_csprng
>>
>> There was some discussion of prefixing the function names with
>> `crypto_*()`, but there are a few reasons we decided against this:
>>
>> 1) There is a crypto pecl extension, so the pseudo-namespace might cause
>> confusion.
>> 2) We want to work on a fully featured crypto framework for 7.1, and
>> crypto_* is a good prefix for that, so again, we don't want to mix things
>> up.
>>
>
> [...]
>
> Or in the poker deck example, wouldn't it be enough just to seed mt_srand
> with a crypto-secure number to remove the biasing and use mt_rand to
> shuffle the deck?
>

The problem is that when using mt_rand - even if you seeded it with a
cryptographic random number - you will be able to predict all future random
numbers based on the first few. The tiny 32-bit seed space can be easily
brute forced. MT also allows directly recovering the full internal state
from the output, though that requires a relatively large amount of values
(624 if not truncated) and as such isn't practical for the Poker case.

Nikita

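To make the reply above concrete, here is an added example (not code from the PHP project or the RFC) in Python, whose `random` module is the same MT19937 generator with the same output tempering as PHP's mt_rand(), so it stands in for PHP here. It shows both attacks Nikita describes: brute-forcing a small integer seed from the first two outputs (the seed space is shrunk from 2^32 to 2^14 so the demo finishes in well under a second; the full 32-bit mt_srand() space is a matter of minutes in optimized C), and rebuilding the full internal state from 624 consecutive untruncated 32-bit outputs of a generator that was seeded from the OS CSPRNG, then predicting its next values. The secret seed 4242, the 37 values consumed before observation starts, and the demo() helper are all constructed for this example.

```python
"""Two attacks on a Mersenne Twister (MT19937) output stream.

Python's random module is MT19937 with the same tempering as mt_rand(),
so it stands in for PHP.  Example code added for this page, not from the
PHP project or the RFC under discussion.
"""
import random

MASK32 = 0xFFFFFFFF
N = 624  # MT19937 state size in 32-bit words


def temper(y):
    """The output transform MT19937 applies to each state word."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def untemper(y):
    """Invert temper(): every step is an invertible xor-shift.

    For shifts of 18 and 15 a single re-application undoes the step
    (the bits it reads were not modified).  For the shorter shifts the
    inverse is computed iteratively: each pass pushes the remaining
    error 7 (resp. 11) bits further until it falls off the word.
    """
    y ^= y >> 18
    y ^= (y << 15) & 0xEFC60000
    t = y
    for _ in range(5):
        y = t ^ ((y << 7) & 0x9D2C5680)
    t = y
    for _ in range(3):
        y = t ^ (y >> 11)
    return y & MASK32


def recover_seed(observed, seed_space):
    """Attack 1: brute-force an integer seed from the first few outputs.

    seed_space is shrunk from 2**32 here so the demo is fast; the real
    search over all mt_srand() seeds is a matter of minutes in C.
    """
    for seed in range(seed_space):
        candidate = random.Random(seed)
        if all(candidate.getrandbits(32) == o for o in observed):
            return seed
    return None


def clone_from_outputs(outputs):
    """Attack 2: rebuild the generator state from 624 consecutive
    full 32-bit outputs, no matter how the generator was seeded."""
    if len(outputs) != N:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # Index N means "this block is used up": the next call twists to the
    # next block, which is exactly what the observed generator does too.
    clone.setstate((3, state + (N,), None))
    return clone


def demo():
    """Run both attacks on constructed victims and return the results."""
    # Attack 1: victim seeded with a small (constructed) secret integer.
    secret = 4242
    victim = random.Random(secret)
    leaked = [victim.getrandbits(32) for _ in range(2)]
    found = recover_seed(leaked, 1 << 14)

    # Attack 2: victim seeded from the OS CSPRNG (random.Random() with no
    # argument), consumes an unknown number of values, then leaks 624.
    victim = random.Random()
    for _ in range(37):
        victim.getrandbits(32)
    leaked = [victim.getrandbits(32) for _ in range(N)]
    clone = clone_from_outputs(leaked)
    predicted = [clone.getrandbits(32) for _ in range(10)]
    actual = [victim.getrandbits(32) for _ in range(10)]
    return {"secret": secret, "found": found,
            "predicted": predicted, "actual": actual}


if __name__ == "__main__":
    r = demo()
    print("seed recovered:", r["found"] == r["secret"])
    print("next 10 outputs predicted:", r["predicted"] == r["actual"])
```

The truncation caveat in the reply applies here as well: PHP's mt_rand() returns the tempered word shifted right by one bit, so each observed value leaves one state bit ambiguous, and a modulo or range reduction such as a shuffle uses discards far more, which is what makes the 624-output recovery impractical in the poker case. The seed brute force does not care, since it only has to reproduce whatever reduced outputs are visible.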