-1

Hi everyone, I was wondering what could be possible to randomize this code even further:

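<?php
    // md5() returns 32 hex characters, used here as the Rijndael-256 key.
    $key = md5('ILOVEYOU');
    // The seed only changes every 5 seconds, so rand() repeats within that window.
    $serverseed = floor(time() / 5);
    srand($serverseed);
    $result = rand();

    // Reduce to the range 0-99.
    $modulus_result = $result % 100;
    $encrypted = encrypt($modulus_result, $key);

    echo "before: ".$modulus_result."<br>";
    echo "after: ".$encrypted."<br>";
    // Decrypt the ciphertext to recover the number.
    echo decrypt($encrypted, $key);

    // Base64-decode, decrypt in ECB mode and strip the trailing padding.
    function decrypt($string, $key){
        $string = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, base64_decode($string), MCRYPT_MODE_ECB));
        return $string;
    }
    // Encrypt in ECB mode and Base64-encode the result.
    function encrypt($string, $key){
        $string = rtrim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $key, $string, MCRYPT_MODE_ECB)));
        return $string;
    }

?>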

Ok, for everyone that stumbled upon this thread and misunderstood the topic: I'm not using this function to protect ANYTHING inside my website, I'm just looking for ways to randomize this function as it uses time() as a reference...

I need to generate a random int from 1-100, that seems to work, I'm just looking for other ways to randomize it (if I could explain a bit more, adding some sort of "salt", not encryption of any sort).

Hxfs
  • *"so I can protect my website a bit more"* - Can you elaborate on that? It's hard to say what this is really for. – Funk Forty Niner Apr 22 '17 at 18:41
  • I don't mean to be harsh, but you seem to have no idea what you're doing. And when dealing with security, that is very dangerous. Anything modulo 100 can only have 100 possible values, which is, computationally speaking, very very little. That is by no means appropriate to secure anything. – Siguza Apr 22 '17 at 18:45
  • Well, that's the whole point of this thread, I'm limited to only use this code to generate my number... :[ – Hxfs Apr 22 '17 at 18:50
  • I think I wasn't very clear on this topic, maybe you understand my problem a bit better now? – Hxfs Apr 22 '17 at 18:59
  • why would I use rand() for security xD – Hxfs Apr 22 '17 at 19:21

1 Answer

3

Check the documentation:

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes() instead.

You might want to use random_int instead.

The problem with that is that it was introduced with PHP 7, so you might not be able to use it. In this case, you can get it here, as mentioned in the documentation.

Imanuel
  • Thank you for your comment! I was wondering if the github version of "random_int" allows seeding? I need it as I wanna keep a random number for x amount of time. – Hxfs Apr 22 '17 at 19:44
  • I don't think so. It also doesn't sound like anything that would be desired for cryptographically oriented algorithms. – Imanuel Apr 22 '17 at 19:51
  • The problem is I need this random number to be seeded as I need it to be unique for various computers, therefore the use of time() is mandatory – Hxfs Apr 22 '17 at 20:15
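
An added example, not code from the question or the answer: one way to get a number from 1-100 that stays fixed for a 5-second window and is identical on every computer, without seeding rand() from time(). It derives the number from the time window with HMAC-SHA256 under a shared secret, which plays the role of the "salt" the question asks about. The function name `windowed_number`, its parameters and the sample secret are assumptions of this example; it avoids PHP 7-only features.

```php
<?php
// Added example: deterministic per-window number in 1..100, keyed by a secret.
// windowed_number() and its parameters are hypothetical names for illustration.

function windowed_number($secret, $now, $windowSeconds = 5)
{
    // Same windowing as floor(time() / 5) in the question.
    $window = (int) floor($now / $windowSeconds);
    $counter = 0;
    while (true) {
        // HMAC-SHA256 as a keyed function of (window, counter); raw 32 bytes.
        $mac = hash_hmac('sha256', $window . ':' . $counter, $secret, true);
        foreach (str_split($mac) as $byte) {
            $value = ord($byte);
            // Rejection sampling: bytes 200..255 are skipped so that each
            // residue modulo 100 is equally likely (plain % 100 is biased).
            if ($value < 200) {
                return ($value % 100) + 1; // 1..100, as the question asks
            }
        }
        // All 32 bytes rejected (very unlikely): derive another block.
        $counter++;
    }
}

// Constructed demo secret. A real one should be generated once from a CSPRNG
// (random_bytes(32) or the polyfill from the answer) and shared via config.
$secret = hash('sha256', 'constructed-demo-secret', true);

$now = time();
$windowStart = $now - ($now % 5);

// Every timestamp inside the same 5-second window yields the same number.
$a = windowed_number($secret, $windowStart, 5);
$b = windowed_number($secret, $windowStart + 4, 5);
echo "window value: " . $a . " (same at end of window: " . ($a === $b ? "yes" : "no") . ")\n";

// A different secret gives an unrelated sequence for the same windows.
$other = hash('sha256', 'another-constructed-secret', true);
echo "other secret: " . windowed_number($other, $windowStart, 5) . "\n";
```

With srand(floor(time() / 5)) anyone who knows the clock can reproduce the number; here reproducing it also requires the secret, while every machine that holds the secret still agrees on the value for each window.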