bcrand() not working

[danielmarschall]

I have looked at your bcrand() function and noticed that it does not work.

You have called openssl_random_pseudo_bytes() as if the arguments were "min, max", but actually they are "length, &output", at least for the current version of PHP.

I have replaced it with mt_rand() and now the function works as expected:

return bcadd(bcmul(bcdiv(mt_rand(), mt_getrandmax(), strlen($max)), bcsub(bcadd($max, 1), $min)), $min);

[Woodehh]

You shouldn’t use mt_rand() for cryptographic purposes: https://www.php.net/manual/en/function.mt-rand.php

…

Op 29 feb. 2020 om 19:33 heeft Daniel Marschall ***@***.***> het volgende geschreven:  I have looked at your bcrand() function and noticed that it does not work. You have called openssl_random_pseudo_bytes() as if the arguments were "min, max", but actually they are "length, &output", at least for the current version of PHP. I have replaced it with mt_rand() and now the function works as expected: return bcadd(bcmul(bcdiv(mt_rand(), mt_getrandmax(), strlen($max)), bcsub(bcadd($max, 1), $min)), $min); — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[danielmarschall]

openssl-random-pseudo-bytes() isn’t necessarily cryptograpic secure since it is a PRNG. The question is if bcrand() is supposed to be cryptographic secure.