On Thu, Jun 23, 2016 at 3:18 PM, Tom Worster <f...@thefsb.org> wrote:
> On 6/22/16, 5:19 PM, "Nikita Popov" <nikita....@gmail.com> wrote: > > >I haven't been following this thread, just jumping in to comment on this > >point. My suggestion to deprecate rand() was motivated by the fact that > >rand() produces extremely low quality random numbers on Windows, while at > >the same time having the name people are most likely to try first if they > >want to have a random number. It's a bad state of things if there's a > >rand() and an mt_rand() function and the latter is preferable in *all* > >situations, while the former is more likely to be used. However, this > >concern is completely alleviated by aliasing rand() to mt_rand(). If we > >do this, I see no reason to deprecate rand(), at least in the short term. > > Alternatively, if you fix rand() by making *it* the new, fast, > platform-independent RNG (e.g. Xoroshiro128+) and leave mt_rand() alone > then: > > 1. The "bad state of things" you described is resolved. > > 2. The various complaints about mt_rand() become irrelevant because rand() > will be preferable in *all* situations (except security and backwards > compat). Imho this is worst solution of all. This means that prior to PHP 7.1 mt_rand() is preferable in all cases and starting with PHP 7.1 rand() is preferable in all cases. Have fun writing code for that. I personally have no problem changing mt_rand() to use something other than MT19937. Given the fact that mt_rand() has been producing random numbers that do not conform to the MT19937 sequence for years and years and it was only noticed recently we can say that, without any doubt, nobody is using mt_rand() to obtain sequences compatible with external MT implementations. As such it doesn't matter if we switch to something else (apart from the fact that the sequence changes in *some* way, which is a given with all the changes we're discussion here.) Whatever we do, please maintain the invariant that mt_rand() >= rand() in terms of quality. I recommend doing this by making mt_rand() == rand(). Regards, Nikita
