homepage Welcome to WebmasterWorld Guest from 54.166.255.168
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
srand - consistent random results
Problem to get consistent random results
doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 3:32 pm on Oct 31, 2008 (gmt 0)

I'm using a script for many years to get consistent random results (example [webmasterworld.com]) by seeding random number generator with srand($id).

So far there wasn't any problem with this. Latterly I'm getting problems because even with srand($id) I'm getting different random numbers every time. It seems that the seed doesn't work or that the random number generator is 're-seeded'. Perhaps this was caused by a new PHP version (now it's 5.2.6), but I'm not sure what my provider changed.

How can I ensure getting consistent random number?

Added: I had a look at the configuration and saw that "suhosin.srand.ignore" is set "On". Is this setting causing the problems?

 

IanKelley

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 12:24 am on Nov 2, 2008 (gmt 0)

As of PHP 5 (and I believe possibly later versions of 4) random numbers are seeded automatically.

You should be able to remove any calls to srand and still get "true" random numbers.

doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 3:38 pm on Nov 2, 2008 (gmt 0)

Tanks for the answer. Of course, seeding like srand((double)microtime()*1000000); isn't necessarily since PHP 4.2.0. But it don't need "true" random numbers, I need random numbers which are the same for the same seed, e.g.

srand($id);
$random = rand(min, max);

has to be the same for the same $id.

That's why it's a "pseudo" random generator.

IanKelley

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 5:54 pm on Nov 2, 2008 (gmt 0)

Ah ok, I misunderstood what you were looking for.

The reason they changed this was because predictable random numbers are a security hole.

Wouldn't MD5 (with some kind of pre-obfuscation for security) be a reasonable replacement for what you need?

doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 6:38 pm on Nov 2, 2008 (gmt 0)

The reason they changed this was because predictable random numbers are a security hole.

Interesting, I haven't heard about this so far. Is this change automatically implemented in newer PHP versions? If yes, I'll get problems with even more projects (which use similar techniques) running on other servers.

MD5 isn't an option. I most of the cases I need random integers in a range from 1 - 100000. crc32 might work if it's generated almost random values in this range. Otherwise I have to implement my own function to generate pseudo random numbers, but this would be take some time and might be slow.

IanKelley

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 8:07 pm on Nov 2, 2008 (gmt 0)

Yes as I understand it the change is a part of all current and future PHP versions.

Have you tried the OS random number generator? On a linux box it would be '/dev/random', not sure on Windows. I've never needed to use it so I don't know if /dev/random will do what you want but it's worth a look.

doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 8:26 pm on Nov 2, 2008 (gmt 0)

Yes as I understand it the change is a part of all current and future PHP versions.

Do you have any link where I can look for details? So far I haven't seen anything. Finally this would mean that srand() is useless and things like this [php.net] wouldn't work anymore.

Have you tried the OS random number generator?

Good idea. This might work for some of my other projects but not for this one because I don't have access to the OS (it's a simple webhosting package).

IanKelley

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 12:35 am on Nov 3, 2008 (gmt 0)

I can't find an official source and I don't remember where I originally read about this.

Did a couple Google searches and found the following related article and post, change seems to have been made in 5.2.6:

http://www.securiteam.com/unixfocus/5FP0220OAE.html [securiteam.com]

It's not that srand becomes useless, it presumably still provides a seed for the random number generator, it's just that there is an additional seed generated internally (or so it seems).

[edited by: dreamcatcher at 8:28 am (utc) on Nov. 3, 2008]
[edit reason] Removed forum link. [/edit]

doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 12:46 pm on Nov 3, 2008 (gmt 0)

Thank you for posting that useful link.

Indeed, it seems that the change just ensures that the intial seed (which is generated internally) is better than before. And this change shouldn't effect re-seeding rand() using srand().

However, srand() currently doesn't work. Therefore, either
- my problem is caused by another change
- the article is incomplete and they also made a change for srand()
- it's a bug which will be fixed

IanKelley

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 6:49 pm on Nov 3, 2008 (gmt 0)

The second link (which was removed) related directly to the problem you're having.

The remaining link is only related in that it involves random numbers and security and was part of the same PHP version update (which included a variety of security patches).

I'm not sure why information on this isn't more readily available but I'm nearly certain it is an intentional change and not a bug.

doc_z

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3777515 posted 8:38 pm on Nov 3, 2008 (gmt 0)

Thank you for your help.

Finally, I solved the problem by adding

php_value suhosin.srand.ignore 0

to my .htaccess (which changes the local PHP configuration).

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved