Support for typical PHP mt_rand default seeds
altf4 opened this issue · 1 comments
altf4 commented
PHP apps that implicitly seed their mt_rand do so according to the algorithm here:
http://lxr.php.net/xref/PHP_5_4/ext/standard/php_rand.h#46
#define GENERATE_SEED() (((long) (time(0) * getpid())) ^ ((long) (1000000.0 * php_combined_lcg(TSRMLS_C))))
There's not a whole lot of entropy in the Unix timestamp of the server start plus PID. This would make breaking PHP apps that use implicit seeding a lot easier.
altf4 commented
On my Linux system, pid_max is 32768:
cat /proc/sys/kernel/pid_max
32768
We might be able to safely include all possible PIDs, or maybe just some on the lower end. 32k isn't that many.
time(0) can be limited to a reasonably likely window, too. Maybe just the last year or so.