Hi Lauri,

On Tue, Jan 17, 2017 at 11:59 PM, Lauri Kenttä <lauri.ken...@gmail.com> wrote:

> On 2017-01-17 16:18, Lauri Kenttä wrote:
>
>> On 2017-01-17 02:34, Yasuo Ohgaki wrote:
>>
>>> Set state somewhere between MT rand's 2^19937−1 cycle.
>>>
>>
>> This is exactly what my patch does.
>>
>
> Or, to be honest, my patch provides 2^19936 possible states,
> which should be more than enough.
>
> To get all 2^19937−1, you would need to get one more bit of
> entropy (2^19936 to 2^19937) and then check that the state is
> not all zeros (which is the −1 in 2^19937−1). That's certainly
> not worth the trouble, so I just set that one "extra" bit to 1.
> (MT doesn't work if the state is all zeros.)

Sorry for sloppy patch reading.
Your patch initializes the whole BG(state) buffer by php_random_bytes().
This should be good enough.

I'll merge this patch.
This better automatic initialization should be included in 7.0 and up.
mt_rand() will be a lot stronger against dictionary attacks.

Any comments, RMs?

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
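The seeding approach discussed in this message, as an added example that is not the patch under discussion and not PHP's source: a textbook MT19937 whose whole state is filled from random bytes, with the one "extra" bit forced to 1. The names `mt_t`, `mt_seed_bytes`, `mt_seed_os` and `mt_next` are hypothetical, and `/dev/urandom` stands in for php_random_bytes().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MT_N 624
#define MT_M 397
typedef struct { uint32_t s[MT_N]; int idx; } mt_t;

/* Load all 624 words from caller-supplied random bytes (hypothetical helper).
 * Only the top bit of s[0] belongs to the 19937-bit state (623*32 + 1), so
 * forcing it to 1 excludes the all-zero state and leaves 2^19936 states. */
void mt_seed_bytes(mt_t *mt, const unsigned char *buf) {
    memcpy(mt->s, buf, MT_N * 4);
    mt->s[0] |= 0x80000000u;
    mt->idx = MT_N;                     /* regenerate before first output */
}

/* Seed from the OS CSPRNG; returns 0 on success, -1 on any short read. */
int mt_seed_os(mt_t *mt) {
    unsigned char buf[MT_N * 4];
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (n != sizeof buf) return -1;     /* never run on a partial seed */
    mt_seed_bytes(mt, buf);
    return 0;
}

/* Textbook MT19937 step (not PHP's mt_rand implementation). */
uint32_t mt_next(mt_t *mt) {
    if (mt->idx >= MT_N) {
        for (int i = 0; i < MT_N; i++) {
            uint32_t y = (mt->s[i] & 0x80000000u)
                       | (mt->s[(i + 1) % MT_N] & 0x7fffffffu);
            mt->s[i] = mt->s[(i + MT_M) % MT_N] ^ (y >> 1)
                     ^ ((y & 1u) ? 0x9908b0dfu : 0u);
        }
        mt->idx = 0;
    }
    uint32_t y = mt->s[mt->idx++];
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680u;
    y ^= (y << 15) & 0xefc60000u;
    return y ^ (y >> 18);
}

int main(void) {
    mt_t mt;
    if (mt_seed_os(&mt) != 0) return 1;
    printf("%u\n", (unsigned)mt_next(&mt));
    return 0;
}
```

The low 31 bits of the first word never influence the output stream, which is why filling the buffer and fixing a single bit covers half of the generator's full state space.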