6

Yesterday I overheard a conversation about rand() and mt_rand(); a colleague said that both of these are predictable and that you should use different functions. I was wondering: I know rand() is predictable in some way, and after some googling, even mt_rand() seems to be predictable, if I read this correctly.

For this I wrote a small piece of code, which creates an image:

```php
<?php
header("Content-type: image/png");
// 512x512 canvas: one pixel per random bit
$im = imagecreatetruecolor(512, 512) or die("Cannot Initialize new GD image stream");
$white = imagecolorallocate($im, 255, 255, 255);
$black = imagecolorallocate($im, 0, 0, 0);
for ($y = 0; $y < 512; $y++) {
    for ($x = 0; $x < 512; $x++) {
        // rand(0, 1) returns 0 or 1: white for 1, black for 0
        if (rand(0, 1)) {
            imagesetpixel($im, $x, $y, $white);
        } else {
            imagesetpixel($im, $x, $y, $black);
        }
    }
}
// Send the PNG to the client and free the image
imagepng($im);
imagedestroy($im);

?>
```

This code outputs this image; as you can see, it has some kind of pattern: rand() image

While the mt_rand() function gave me this output: mt_rand() image

Now my question is: is mt_rand() really that predictable? It seems pretty random to me compared to the rand() function.

Azrael
  • http://stackoverflow.com/questions/7808021/whats-the-disadvantage-of-mt-rand – The Alpha Oct 07 '14 at 07:00
  • What do you mean by *secure* in this case? Do you mean in the sense that the value can't be predicted? – Spencer Wieczorek Oct 07 '14 at 07:00
  • 1
    This method is much better than to print random numbers 10000 times and to count them. – Aycan Yaşıt Oct 07 '14 at 07:01
  • Both `rand` and `mt_rand` are ***pseudo*** random number generators, which by their very definition are predictable under certain circumstances (e.g. you get to know their seed or internal state). For truly unpredictable random numbers you need a hardware generator. OS-level implementations which maintain an entropy pool fuelled by more or less random events and/or an actual hardware RNG are much more random than such PRNGs. – deceze Oct 07 '14 at 07:05

1 Answer

8

Directly from the docs:

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

mt_rand generates better random numbers than rand, and much faster. But that doesn't make it "secure" in the sense that it should be used for cryptography. Whether it's secure enough for your application is pretty subjective.

user229044
  • 1
    I was about to post the same thing. No idea who DV'd this or why. – GordonM Oct 07 '14 at 06:58
  • By "secure" we don't know if the user means cryptography. – Spencer Wieczorek Oct 07 '14 at 07:05
  • @SpencerWieczorek No, we don't. – user229044 Oct 07 '14 at 07:06
  • Let's say I use `mt_rand()` for generating a salt, would it be insecure? – Azrael Oct 07 '14 at 07:06
  • @Azrael Why are you doing that instead of using an existing, proven solution? – user229044 Oct 07 '14 at 07:07
  • Because existing/proven solutions might also be known to be cracked. – Azrael Oct 07 '14 at 07:09
  • 4
    @Azrael That's a terrible reason to write your own solution. Existing/proven solutions are going to be *fixed*, and orders of magnitude harder to crack than anything you're going to write yourself. I don't want to discourage experimentation, but you really absolutely *must* not attempt to write your own cryptographic libraries for production systems. It is one of the very hardest things to get right, with the highest stakes, and existing battle-tested solutions are abundant. – user229044 Oct 07 '14 at 07:10
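
The salt question from the comments, as an added example that is not part of the original thread: a salt built from mt_rand() is fully determined by the generator's seed, while the functions the answer points to draw from the OS CSPRNG. The names `weak_salt` and `strong_salt` and the seed value are hypothetical, constructed for illustration.

```php
<?php
// Added example, not code from the thread. Function names and seed are constructed.

// Weak: every character comes from mt_rand(), so the salt is a pure
// function of the Mersenne Twister state (and therefore of its seed).
function weak_salt($length)
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $salt;
}

// Corrected: bytes from a cryptographically secure source.
// random_bytes() exists from PHP 7; openssl_random_pseudo_bytes() is the
// function named in the mt_rand() documentation quoted in the answer.
function strong_salt($bytes = 16)
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($bytes));
    }
    $strong = false;
    $raw = openssl_random_pseudo_bytes($bytes, $strong);
    if ($raw === false || !$strong) {
        throw new RuntimeException('No cryptographically strong source available');
    }
    return bin2hex($raw);
}

// Re-seeding with the same (constructed) value replays the same sequence,
// so both "random" salts come out identical.
mt_srand(20141007);
$first = weak_salt(16);
mt_srand(20141007);
$second = weak_salt(16);
printf("mt_rand salts:  %s / %s (equal: %s)\n", $first, $second, var_export($first === $second, true));

// Two CSPRNG salts are independent of any seed the script controls.
printf("CSPRNG salts:   %s / %s\n", strong_salt(), strong_salt());

// For password storage, the existing solution is password_hash(): it
// generates its own salt and embeds it in the returned hash string.
$hash = password_hash('example-password', PASSWORD_DEFAULT);
printf("password_hash:  %s (verifies: %s)\n", $hash, var_export(password_verify('example-password', $hash), true));
```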