If you are a programmer, you sometimes find yourself in the need for random numbers. There are many possible use cases:
- Generate data for unit-tests.
- Build secure passwords or keys as input for ciphers like AES, Twofish and its colleagues.
- Simulating the real world for modelling applications.
- A prominent use case: Lot's of gambling sites depend on good random number generators.
Now if you code in PHP, there are quite some different ways to obtain
random numbers. There is the
rand ( int $min , int $max
) function for
instance: It yields a random number within the range specified by the
The documentation states that this approach isn't particularly secure
and shouldn't be used for applications that need to feed algorithms with
cryptographically secure random data. Then there's
mt_rand ( int
$min , int $max )
that apparently creates better random values. Certainly not suitable
for crypto purposes as well.
There were/are quite some applications concerned with security bugs because of using
mt_rand() for passwords, encryption keys,
session cookies, CSRF tokens and the like. See also this link to a
related discussion on
But because of convenience of the
$max interfaces of …