News Feed

News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way
php_mt_seed went beyond PoC (mt_rand seed cracker)
November 05, 2013 @ 12:49:12

As has reported, a flaw has been found in PHP's mt_rand functionality that allows the prediction of the result with just some of the other results.

With the functionality added in October, our php_mt_seed PHP mt_rand() seed cracker is no longer just a proof-of-concept, but is a tool that may actually be useful, such as for penetration testing. It is now a maintained project with its own homepage:

They include a bit of illustration code showing how the see cracker works - generating 10 "random" numbers between 0 and 9. An example of running the "php_mt_seed" command against these values is shown along with the time to crack (just under 20 seconds). There's also an example of cracking when you don't know all 10 numbers in the sequence too. This further reinforces the best practice of not using mt_rand when you need strong random numbers for the security related functionality of your application (something like openssl_random_pseudo_bytes is a much better option).

0 comments voice your opinion now!
mtrand seed cracker proofofconcept poc openwall


Community Events

Don't see your event here?
Let us know!

application symfony interview api composer introduction php7 community programming series language list example opinion project part2 laravel framework podcast yii2

All content copyright, 2015 :: - Powered by the Solar PHP Framework