Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Openwall.com:
php_mt_seed went beyond PoC (mt_rand seed cracker)
Nov 05, 2013 @ 12:49:12

As Openwall.com has reported, a flaw has been found in PHP's mt_rand functionality that allows the prediction of the result with just some of the other results.

With the functionality added in October, our php_mt_seed PHP mt_rand() seed cracker is no longer just a proof-of-concept, but is a tool that may actually be useful, such as for penetration testing. It is now a maintained project with its own homepage: http://www.openwall.com/php_mt_seed/.

They include a bit of illustration code showing how the see cracker works - generating 10 "random" numbers between 0 and 9. An example of running the "php_mt_seed" command against these values is shown along with the time to crack (just under 20 seconds). There's also an example of cracking when you don't know all 10 numbers in the sequence too. This further reinforces the best practice of not using mt_rand when you need strong random numbers for the security related functionality of your application (something like openssl_random_pseudo_bytes is a much better option).

tagged: mtrand seed cracker proofofconcept poc openwall

Link: http://www.openwall.com/lists/announce/2013/11/04/1

Pádraic Brady:
Predicting Random Numbers In PHP - It’s Easier Than You Think!
Mar 26, 2013 @ 09:54:15

Pádraic Brady has a new post to his site about "randomness" in PHP and how, depending on the method used, you might not be as random as you think.

The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 “Potential Information Disclosure and Insufficient Entropy vulnerabilities in ZendMathRand and ZendValidateCsrf Components”. Quite the mouthful! In short, Zend Framework used the mt_rand() function to generate random numbers in situations where neither openssl_pseudo_random_bytes() nor mcrypt_create_iv() were available. This is possible when the openssl and mcrypt extensions are not installed/compiled with PHP.

He talks some about the mt_rand function and how it generates its "random numbers" (designed for speed, not ultimate randomness). He notes that all of PHP's internal randomization functions use the concept of "seeds" to prime the random number/string generation. Unfortunately, the seeding method is known inside PHP, so it is possible - if the method of generation is weak, as it is with mt_rand - that an attacker could brtute force their way into a correct value. You can find more about randomness in PHP in this chapter of his PHP security handbook including a mention of Anthony Ferrara's randomness library.

tagged: randomness seed mtrand openssl mcrypt randomlib

Link:

SitePoint.com:
How to Create Your Own Random Number Generator in PHP
Feb 09, 2012 @ 10:03:35

On SitePoint.com today there's a new tutorial showing how to create a random number generator in PHP (with the help of methods like mt_rand and mt_srand).

Computers cannot generate random numbers. A machine which works in ones and zeros is unable to magically invent its own stream of random data. However, computers can implement mathematical algorithms which produce pseudo-random numbers. They look like random numbers. They feel like random distributions. But they're fake; the same sequence of digits is generated if you run the algorithm twice.

Included in the post is code showing how to use the random functions and how to create a class (Random) that provides a few methods to help make generation easier - "seed" and "num". It first calls "seed" with a number to start the random generator off with and then "num" in a loop to pull out random values based on that.

tagged: random number generator tutorial introduction mtrand

Link:

Suspekt Blog:
mt_srand and not so random numbers
Aug 18, 2008 @ 13:49:31

Stefan Esser points out a problem with the mt_rand and rand methods in PHP that makes them not quite random enough for cryptographic uses.

PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms are seeded by a single 32 bit dword when they are first used in a process or one of the seeding functions srand() or mt_srand() is called.

He looks at how its currently implemented, some examples of bad methods to get "random" numbers, how shared resources are a problem and an example of a cross-application attack (the application in more than once place using the same method for getting random numbers).

In the comments he recommends either grabbing from /dev/random (if you're on a unix-based system) or making the creation of your numbers a bit more complex to include things the outside world wouldn't know.

tagged: mtrand random number rand cryptography problem

Link:

Jonathan Street's Blog:
Random thoughts on random strings
Jul 03, 2008 @ 07:58:33

On his blog, Jonathan Street has posted some "random thoughts" on generating random (or not so random) strings in PHP.

Humans are astoundingly bad at being random and I just slapped the keyboard a few times until I felt I had the required 16 characters. Writing some code to produce a fairly random string is incredibly easy. I've easily done it a dozen times or more. Though only because it is easier to re-write it than to find where I put the last one

He gives two examples that work, but aren't the best possibilities for making truly random strings - one using mt_rand to select a random character from a string and the other using the same idea but instead using the char() function to replace the string of characters.

His other examples include the use of the uniqid function with the more_entropy setting enabled and an md5 or sha1 hash (for which he gives positives and negtives).

tagged: random string mtrand md5 sha1 chr uniqid moreentropy

Link:

Tobias Schlitt's Blog:
Randomized Pi calculation
Apr 02, 2007 @ 10:04:00

Since there is no "magic variable" to get a value for Pi in an application, Tobias Schlitt offers up the next best thing - his homegrown solution for creating the value (using a randomized variation).

I don't know which is the most common way to calculate Pi in computer programs, but from the stochastics book a read for my recent stochastics exam, I have a randomized variation, which is quite cool I think.

The code example is included along with a bit of explanation for those not familiar with the concepts behind it. It uses two of PHP functions, pow() and mt_rand(), to run through a series of iterations and, using a preset precision value, find the "hits" to finally calculate the value at the end.

tagged: randomize pi calculation pow mtrand precision randomize pi calculation pow mtrand precision

Link:

Tobias Schlitt's Blog:
Randomized Pi calculation
Apr 02, 2007 @ 10:04:00

Since there is no "magic variable" to get a value for Pi in an application, Tobias Schlitt offers up the next best thing - his homegrown solution for creating the value (using a randomized variation).

I don't know which is the most common way to calculate Pi in computer programs, but from the stochastics book a read for my recent stochastics exam, I have a randomized variation, which is quite cool I think.

The code example is included along with a bit of explanation for those not familiar with the concepts behind it. It uses two of PHP functions, pow() and mt_rand(), to run through a series of iterations and, using a preset precision value, find the "hits" to finally calculate the value at the end.

tagged: randomize pi calculation pow mtrand precision randomize pi calculation pow mtrand precision

Link: