Re: [PHP6] Merging rand and mt_rand()
On 23.02.2014, at 22:53, Andrea Faulds <[email protected]> wrote:
>
> On 23 Feb 2014, at 20:22, Stas Malyshev <[email protected]> wrote:
>> I would say anybody who relies on RNG producing preset numbers is asking
>> for trouble. If you need mock RNG, mock it out, don't rely on
>> undocumented properties of the system one.
>> But then again, refactoring and unifying RNGs is not a very urgent thing
>> and a good candidate to put in a major version.
>
>
> What? PRNGs guarantee that for a given seed they will always produce the same sequence. All
> sorts of things do and should rely on this.

As far as rand() is concerned, this already doesn't work. As it's using the system rand, it
might change behavior when changing to a different OS, for example. In this regard the change
actually helps.

That said, I think it's a very bad idea to use a non-random seed with mt_srand() or srand(), as
a lot of code falls back to them when no secure alternative exists. Also, some libraries may use them
to decide things that should actually be random. Maybe it would be a good idea to deprecate those
and not include them in PHP6? It's probably safer to provide a dedicated sequence generator
than having people abuse our PRNGs.
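
The shared-seed problem and the dedicated sequence generator suggested in the message above, as an added example that is not part of the original post or of PHP itself. `SequenceGenerator`, `fallbackToken()` and the two layout functions are hypothetical names, and the code assumes 64-bit PHP 7.4 or later:

```php
<?php
// Added illustration; all names are hypothetical. Assumes 64-bit PHP 7.4+.
// Instance-scoped deterministic generator (xorshift32); never for secrets.
final class SequenceGenerator
{
    private int $state;
    public function __construct(int $seed)
    {
        // xorshift never leaves the all-zero state, so substitute a constant.
        $this->state = ($seed & 0xFFFFFFFF) ?: 0x9E3779B9;
    }
    public function next(): int
    {
        $x = $this->state;
        $x ^= ($x << 13) & 0xFFFFFFFF;
        $x ^= $x >> 17;
        $x ^= ($x << 5) & 0xFFFFFFFF;
        return $this->state = $x;
    }
}

// Code of the kind the message warns about: it falls back to mt_rand().
function fallbackToken(): string
{
    return sprintf('%04x%04x', mt_rand(0, 0xFFFF), mt_rand(0, 0xFFFF));
}

// Wants a repeatable sequence, so it reseeds the process-wide generator.
function layoutViaGlobalSeed(): array
{
    mt_srand(1234);
    return [mt_rand(0, 99), mt_rand(0, 99)];
}

// Same goal, but the fixed seed stays inside its own object.
function layoutViaOwnGenerator(): array
{
    $g = new SequenceGenerator(1234);
    return [$g->next() % 100, $g->next() % 100];
}

// Each call resets mt_rand() to the same state before the token is drawn.
layoutViaGlobalSeed(); $a = fallbackToken();
layoutViaGlobalSeed(); $b = fallbackToken();
echo "global seed:   $a $b\n";
mt_srand(); // put the shared generator back on a random seed
layoutViaOwnGenerator(); $c = fallbackToken();
layoutViaOwnGenerator(); $d = fallbackToken();
echo "own generator: $c $d\n";
```

Keeping the fixed seed in its own object only stops it leaking into other callers of `mt_rand()`; on PHP 7 and later, `random_bytes()` or `random_int()` is the appropriate source for the token itself.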