Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Understanding Security Risks of PHP's Weak Random Number Generators

General Esm H446
PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms are seeded by a single 32 bit dword when they are first used in a process or one of the seeding functions srand() or mt_srand() is called. This is a great article by Stefan Esser on attacking php PRNG. He explains the attack in such a way that it's easy to understand.

The link for this article located at suspekt is no longer available.