On Mon, Jan 16, 2017 at 4:04 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Since I was about to improve uniqid()'s entropy by replacing
> php_combined_lcg() with php_random_int(), I spent time checking other places
> that could be a problem.
>
> mt_rand() is seeded as follows by default.
>
> ext/standard/php_rand.h
> #ifdef PHP_WIN32
> #define GENERATE_SEED() (((zend_long) (time(0) * GetCurrentProcessId())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
> #else
> #define GENERATE_SEED() (((zend_long) (time(0) * getpid())) ^ ((zend_long) (1000000.0 * php_combined_lcg())))
> #endif
>
> We know this kind of seed is guessable, i.e. our session id is compromised
> by this kind of code.
>
> Although it would be rare that the raw mt_rand() value is exposed, a
> guessable value is guessable. I'm going to replace the seeding code with a
> simple php_random_int() call.
>
> Any comments?

I read a bit more of the mt_rand code. It is better to exploit the extremely long MT rand cycle. Therefore the patch will be a little more complex than simply replacing the seeding code. Comments are appreciated.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
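An added illustration, not code from this thread or from PHP itself, that puts the quoted GENERATE_SEED() construction beside a CSPRNG-backed replacement of the kind the message proposes. The zend_long typedef, /dev/urandom as a stand-in for the source php_random_int() draws from, and the sample inputs are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

typedef int64_t zend_long;   /* assumption: 64-bit build, zend_long is int64_t */

/* The non-Windows GENERATE_SEED() written as a pure function of its inputs.
 * Making the inputs explicit shows what the seed actually depends on:
 * the current second, the process id and one php_combined_lcg() output
 * (a double in [0,1), passed in here rather than computed). */
zend_long weak_seed(time_t now, pid_t pid, double lcg)
{
    return (((zend_long)(now * pid)) ^ ((zend_long)(1000000.0 * lcg)));
}

/* The direction proposed in the message: take the seed from the OS CSPRNG.
 * /dev/urandom stands in for the platform source behind php_random_int()
 * (assumption). Returns 0 on success, -1 if the device cannot be read. */
int strong_seed(zend_long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    /* Constructed sample inputs: a fixed second, pid and LCG output. */
    time_t now = 1484553840; pid_t pid = 12345; double lcg = 0.5;

    /* The weak seed is fully determined by those three low-entropy inputs:
     * the same inputs always give the same seed. */
    printf("weak seed  : %lld\n", (long long)weak_seed(now, pid, lcg));
    printf("again      : %lld\n", (long long)weak_seed(now, pid, lcg));

    /* The CSPRNG seed carries no such structure; successive draws differ. */
    zend_long a = 0, b = 0;
    if (strong_seed(&a) == 0 && strong_seed(&b) == 0)
        printf("strong seed: %lld then %lld\n", (long long)a, (long long)b);
    return 0;
}
```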