PRNG question / idea

[joshstrike]

Can any math-inclined people tell me if this works...?

I'm looking for a better way to seed mt_rand(), something that would yield more than the million seeds you get from (double)microtime()*1000003.

Some people have suggested something like:

PHP Code:

$seed=hexdec(substr(md5((double)microtime()*1000003),-8)) & 0x7fffffff; 


But I don't see how this is any more random, since there are only a million md5 hashes you can generate from microtime anyway; the pool is the same size.

In my application, a secondary (though less-reliable) source of randomness is that I don't know the exact last time the generator was seeded, because it hinges sometimes on user interaction. (Other times, reseeding happens in a loop). So my thought was that I could try this:

PHP Code:

$seed=hexdec(substr(md5((double)microtime()*1000003),-mt_rand(6,8))) & 0x7fffffff; 


which I think should leverage the (unknowable) last seed to choose the length of the md5 substring, which could now yield 6, 7 or 8 digit long hexidecimals (instead of 8 digits only).

My question is, does this increase the true number of possible random seeds to 3 million? Or is that an error in my reasoning?

[joshstrike]

bump?

[Musicman]

Hi,

it seems that the crypt people take rannomness from looking at diverse things in the system (so one conceivable source of input could be the microtimes of the last few tcp packets that reached the machine from anywhere) and make that randomness available to programs. Why not just read /dev/random or whatever the system provides?

Musicman

[joshstrike]

Huh. Yeah, I guess that might work... using /dev/random for the seed and then cycling through an mt algorithm...
I'm still wondering whether my method increases the number of seeds from 1 to 3 million or if my math is wrong. It would be easier than running exec() from php all the time, anyway...