Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove seeding in random number generator #9535

Merged
merged 1 commit into from Jan 17, 2016
Merged

Remove seeding in random number generator #9535

merged 1 commit into from Jan 17, 2016
+0 −4

Conversation

Joey3000
Copy link
Contributor

This is done for the following reasons:

Note: The only other rand()/mt_rand() (re-)seeding is in the "Faker" library in https://github.com/piwik/plugin-VisitorGenerator/blob/1.2.2/libs/Faker/Faker/Generator.php#L137, but it doesn't seem to be used at the moment - see https://github.com/piwik/plugin-VisitorGenerator/blob/1.2.2/libs/Faker/readme.md#seeding-the-generator for its use case.

@Joey3000
Remove PRNG seeding
bc06df8 
This is done for the following reasons:
* Code clean-up. From https://secure.php.net/manual/en/function.mt-srand.php:
> Note: There is no need to seed the random number generator with srand() or mt_srand() as this is done automatically.

* Re-seeding of PRNGs makes them more predictable. E.g., the `microtime()` which is used for the seeding:
  * On Windows (before Win8): seems to return 0, according to https://stackoverflow.com/questions/18889244/php-5-5-on-windows-microtime-behavior.
  * On other OSes: The current time is easily guessable, with the "microseconds" part brute-forcible.
@Joey3000
Copy link
Contributor Author

The one test failure does not seem to be related to this change:

�[0K$ git fetch origin +refs/pull/9535/merge:

No output has been received in the last 10 minutes, this potentially indicates a stalled build or something wrong with the build itself.

The build has been terminated

@tsteur
Copy link
Member

tsteur commented Jan 17, 2016

Thx for the PR!

See http://us2.php.net/manual/en/function.mt-srand.php

There is no need to seed the random number generator with srand() or mt_srand() as this is done automatically.

Therefore LGTM 👍

FYI: Method was initially added in 2b9182d#diff-805dc290a8e0e0e5b40c289a532e3297R760 and it seems not be related for any special reason.

tsteur added a commit that referenced this pull request Jan 17, 2016
@tsteur
Merge pull request #9535 from Joey3000/no_rand_seed
7df7ece 
Remove PRNG seeding
@tsteur tsteur merged commit 7df7ece into matomo-org:master Jan 17, 2016
@tsteur tsteur added the c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github. label Jan 17, 2016
@tsteur tsteur added this to the 2.16.0 milestone Jan 17, 2016
@tsteur tsteur self-assigned this Jan 17, 2016
@Joey3000 Joey3000 deleted the no_rand_seed branch January 18, 2016 01:27
@mattab mattab changed the title Remove PRNG seeding Remove seeding in random number generator Jan 30, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@tsteur tsteur

Labels
c: Security For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Projects
None yet
Milestone
2.16.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Joey3000 @tsteur