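The purpose of random number functions is to get (you guessed it) a random number, something you can't predict (or is very hard to predict accurately). If the mt_rand() function is faster and less predictable (more "random") than the old rand(), why not just switch the underlying implementation to the new method?
To put it another way, what kind of program that uses rand() would break in a later version of PHP if/because the underlying implementation changed?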
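Best answer
Mostly because that is the PHP way. Just like they added mysql_real_escape_string instead of replacing mysql_escape_string with it.
However, it might also be related to downsides of the Mersenne Twister algorithm (I don't know whether they also exist in the rand() algorithm):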
The algorithm in its native form is not suitable for cryptography (unlike Blum Blum Shub). Observing a sufficient number of iterates (624 in the case of MT19937, since this figure is the size of the state vector from which future iterates are produced) allows one to predict all future iterates. A pair of cryptographic stream ciphers based on output from Mersenne twister has been proposed by Makoto Matsumoto et al. The authors claim speeds 1.5 to 2 times faster than Advanced Encryption Standard in counter mode. wikipedia
Another issue is that it can take a long time to turn a non-random initial state (notably the presence of many zeros) into output that passes randomness tests. A small lagged Fibonacci generator or linear congruential generator gets started much more quickly and usually is used to seed the Mersenne Twister with random initial values. wikipedia
Regarding "php - If PHP's mt_rand() uses a faster algorithm than rand(), why not just change rand() to use the newer implementation?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/11528027/