1

In my application, I require a function to generate (unpredictably) random values that differ each time when called such as inside a fast loop.

On Linux platforms which is the platform I will release my script (of which shall be run under SSL in PHP) I will combine possibly multiple facilities to ensure a seed or hash is completely random, by querying /dev/random, possibly combined with OpenSSL's facilities and including system-specific values such as script last modified and creation time.

I am using these specific values, as even if person A had the script and knows the methods, they would not be able to guess the (/dev/random contents, memory usage at the moment, modification time likely, etc) and will not realistically be able to reduce the security of user B running the same script.

On the Windows platform which unfortunately I must develop on for the moment (I still test on Linux, but less often) I require random values of which I described above, just to provided at least limited protection from predicting the seeds or keys.

I had tried as a first attempt using memory_get_usage() (with or without available true parameter for 'true' memory usage for PHP) and it seems that the values remain very static even when each iteration performs a fair amount of memory heavy computation.

Would it maybe be wise to use this (somewhat dynamic) memory usage as a seed, for a PRNG to generate more (quickly) random numbers? Or would the fact that memory is such a limited range they could just create 2^xx seeds and roughly guess it.. I am starting to blur the line of what is realistically random, if it is even possible to guess my operations even if they are 'not' really that random.

Alexander
  • 1,053
  • 11
  • 16

3 Answers3

5

The standard equivalent of the /dev/random (or the generally recommended /dev/urandom) Unix device on Windows is the CryptGenRandom function from CryptoAPI.

In PHP, you should be able to use mcrypt_create_iv() with MCRYPT_DEV_URANDOM, which uses /dev/urandom on Unix and (apparently) CryptGenRandom on Windows.

Ilmari Karonen
  • 49,047
  • 9
  • 93
  • 153
2

A Mersenne Twister (what mt_rand uses) is a good algorithm for non-security purposes but it shouldn't be used for security. Wikipedia: Mersenne Twister: "The algorithm in its native form is not suitable for cryptography... Observing a sufficient number of iterates (624 in the case of MT19937) allows one to predict all future iterates."

Instead it's just as simple to just take the output of a counter, concatenate (or XOR) it with some salt, and hash it with a cryptographically secure hash algorithm like SHA-2. If no one knows your salt, it will be absolutely secure. The salt is then equivalent to Mersenne's seed.

I'm no expert on where to get good random salt on Windows, but you can always concatenate (or XOR) things like system time, memory usage, etc, and hash that with SHA-2. You can even reach outside to a place like Random.org for some true random numbers (if you don't call it too often). The best part about combining sources of randomness with SHA-2 is that every additional source can only add randomness, not subtract it.

Nick S
  • 555
  • 4
  • 17
-1

Why not just use something like?

mt_rand({min}, {max});

More info here: http://php.net/manual/en/function.mt-rand.php

Chuck Burgess
  • 11,600
  • 5
  • 41
  • 74
  • Is the generated series of mt_rand static unless seeded? This is where I am having trouble understanding, that to seed mt_rand you must use another technique that may be insecure as they will have the code and know the seeding method. – Alexander Apr 25 '11 at 02:16
  • 2
    `mt_rand()` will seed itself, unless you specifically override with `mt_srand()`. – Marc B Apr 25 '11 at 02:37
  • Alright, this will greatly simplify my application and thinking, I must've been really paranoid about that. – Alexander Apr 25 '11 at 02:42
  • Note that Mersenne Twister is _not_ a cryptographically secure PRNG, and even if it were, the automatically chosen seed is unlikely to have very much entropy. I'm not sure how PHP's `mt_rand()` seed is chosen, but it's quite likely that a determined attacker could figure it out (after all, the source is out there) and exploit it. – Ilmari Karonen Nov 05 '11 at 01:25
  • mt_rand() is not a CSPRNG and shouldn't be used for anything security related. –  Dec 18 '11 at 17:52
  • Show me a determined hacker who would attempt to exploit a mt_rand() vs brute force or some other easier method. If the entire security system depends on mt_rand(), there are bigger issues that what we are discussing here. ;) – Chuck Burgess Dec 19 '11 at 17:01
  • 1
    "This function does not generate cryptographically secure values, and should not be used for cryptographic purposes." – Crecket Sep 23 '15 at 07:59