News Feed

News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way
php_mt_seed went beyond PoC (mt_rand seed cracker)
November 05, 2013 @ 12:49:12

As has reported, a flaw has been found in PHP's mt_rand functionality that allows the prediction of the result with just some of the other results.

With the functionality added in October, our php_mt_seed PHP mt_rand() seed cracker is no longer just a proof-of-concept, but is a tool that may actually be useful, such as for penetration testing. It is now a maintained project with its own homepage:

They include a bit of illustration code showing how the see cracker works - generating 10 "random" numbers between 0 and 9. An example of running the "php_mt_seed" command against these values is shown along with the time to crack (just under 20 seconds). There's also an example of cracking when you don't know all 10 numbers in the sequence too. This further reinforces the best practice of not using mt_rand when you need strong random numbers for the security related functionality of your application (something like openssl_random_pseudo_bytes is a much better option).

0 comments voice your opinion now!
mtrand seed cracker proofofconcept poc openwall


blog comments powered by Disqus

Similar Posts php_mt_seed went beyond PoC (mt_rand seed cracker) php_mt_seed went beyond PoC (mt_rand seed cracker)

Leaseweb Labs Blog: POC: Flexible PHP Output Caching

Gareth Heyes: Bypassing XSS Auditor

Pádraic Brady: Predicting Random Numbers In PHP - Itís Easier Than You Think!

Community Events

Don't see your event here?
Let us know!

opinion part2 list yii2 project community programming php7 podcast language introduction application laravel framework example symfony series api interview composer

All content copyright, 2015 :: - Powered by the Solar PHP Framework