Hi all,

Since I was about to improve uniqid()'s entropy by replacing
php_combined_lcg() with php_random_int(), I spent time checking other places
that could be a problem.

mt_rand() is seeded as follows by default.

ext/standard/php_rand.h
#ifdef PHP_WIN32
#define GENERATE_SEED() (((zend_long) (time(0) * GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#else
#define GENERATE_SEED() (((zend_long) (time(0) * getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
#endif

We know this kind of seed is guessable, i.e. our session id is compromised
by this kind of code.

Although it would be rare that a raw mt_rand() value is exposed, a
guessable value is guessable. I'm going to replace the seeding code with a
simple php_random_int() call.

Any comments?

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
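
Added example, not part of the original message and not PHP source code: the seed arithmetic from the macro quoted above next to a seed read from the kernel CSPRNG. The names legacy_seed and csprng_bytes are hypothetical, reading /dev/urandom is an assumed stand-in for what a php_random_int()-based seed would draw on, and the LCG value used in main() is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Same arithmetic as GENERATE_SEED() on the non-Windows branch. The inputs
 * are parameters here so their effect is visible; `lcg` stands in for the
 * php_combined_lcg() result, a double in [0, 1). Equal inputs always give
 * an equal seed. */
static int64_t legacy_seed(int64_t now, int64_t pid, double lcg)
{
    return (now * pid) ^ (int64_t)(1000000.0 * lcg);
}

/* Fill buf from the kernel CSPRNG. Returns 0 on success, -1 on failure.
 * Handles EINTR and short reads. A caller should treat -1 as fatal and
 * must not fall back to a time/pid based seed. */
static int csprng_bytes(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n <= 0) {           /* hard error or unexpected EOF */
            close(fd);
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

int main(void)
{
    uint32_t seed;
    /* 0.25 is a constructed LCG value, not real php_combined_lcg() output. */
    printf("legacy: %lld\n", (long long)legacy_seed(time(NULL), getpid(), 0.25));
    if (csprng_bytes(&seed, sizeof seed) != 0)
        return 1;
    printf("csprng: %u\n", (unsigned)seed);
    return 0;
}
```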
