On Wed, 18 Jan 2017 at 06:05 Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> It could be. I haven't read and researched the MT rand initialization code
> carefully yet.

I have; it stretches 4 bytes of seed material into 624 * 4 bytes of material. There are only 2^32 possible initial states from direct seeding. After the state has been consumed it does a "twist"-pass on the existing state, which is where the 2^19937-1 period comes from.

I would recommend taking 4 bytes from php_random_bytes_silent(), cast to uint32_t and passed to php_mt_srand(); if php_random_bytes_silent() fails, fall back to the original seeding generation mechanism (it is unlikely an adversary can know which method was used).
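To make the seeding argument above concrete, here is an added example (not PHP's code, not from the thread's authors) of the reference MT19937 initialisation and output, plus the proposed seeding path. It assumes /dev/urandom as a stand-in for php_random_bytes_silent(); the point it shows is that the entire 624-word state is a deterministic function of one 32-bit seed.

```c
/* Added example, not PHP's code: reference MT19937 seeding and output. mt_seed() is the
   init_genrand expansion described in the message: 4 seed bytes become 624 32-bit words. */
#include <stdint.h>
#include <stdio.h>
#define MT_N 624
#define MT_M 397
typedef struct { uint32_t s[MT_N]; int idx; } mt_state;
/* Expand a 32-bit seed into the full state: each word is a function of the previous one,
   so only 2^32 distinct initial states are reachable this way. */
void mt_seed(mt_state *mt, uint32_t seed) {
    mt->s[0] = seed;
    for (int i = 1; i < MT_N; i++)
        mt->s[i] = 1812433253U * (mt->s[i - 1] ^ (mt->s[i - 1] >> 30)) + (uint32_t)i;
    mt->idx = MT_N;                      /* force a twist before the first output */
}
/* Twist pass: regenerates all 624 words once they have been consumed. */
static void mt_twist(mt_state *mt) {
    for (int i = 0; i < MT_N; i++) {
        uint32_t y = (mt->s[i] & 0x80000000U) | (mt->s[(i + 1) % MT_N] & 0x7fffffffU);
        mt->s[i] = mt->s[(i + MT_M) % MT_N] ^ (y >> 1) ^ ((y & 1U) ? 0x9908b0dfU : 0U);
    }
    mt->idx = 0;
}
/* Tempered 32-bit output. */
uint32_t mt_next(mt_state *mt) {
    if (mt->idx >= MT_N) mt_twist(mt);
    uint32_t y = mt->s[mt->idx++];
    y ^= y >> 11;
    y ^= (y << 7) & 0x9d2c5680U;
    y ^= (y << 15) & 0xefc60000U;
    y ^= y >> 18;
    return y;
}
/* First output for a given seed; identical seeds always give identical streams. */
uint32_t mt_first_output(uint32_t seed) {
    mt_state mt;
    mt_seed(&mt, seed);
    return mt_next(&mt);
}
/* Seeding as proposed: 4 CSPRNG bytes cast to uint32_t. /dev/urandom stands in for
   php_random_bytes_silent() (assumption); on failure, use the caller's fallback seed.
   Returns 1 if the CSPRNG path was used, 0 if the fallback was. */
int mt_seed_secure(mt_state *mt, uint32_t fallback_seed) {
    uint32_t seed;
    FILE *f = fopen("/dev/urandom", "rb");
    int ok = f && fread(&seed, sizeof seed, 1, f) == 1;
    if (f) fclose(f);
    mt_seed(mt, ok ? seed : fallback_seed);
    return ok;
}
```

With the reference seed 5489 the first output is 3499211612, the same value std::mt19937 produces, which confirms the expansion and twist match the standard generator.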