Random You Say! Oh, Really…

I don’t know how many times I’ve stumbled across PHP code for generating random strings and numbers that aren’t random at all.

Take this example that I just found, for instance:

<?php
...
$RandomStr = md5(microtime());
...
?>

Statement from the author: “…[md5 (microtime ())] use to generate the random string…”. [source]
So very wrong… I can predict the time and hence I can predict the outcome of that piece of code, since md5() only hashes the timestamp and adds nothing unpredictable. That’s not random.
If you have a look at the website where I found this, you can of course argue that the above snippet would be sufficient, and maybe it is enough to fool most bots, but it’s still not random and that’s my point.
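
The weakness described above, as an added example that is not part of the original post: a reviewer's check that a token built this way can be rebuilt from the clock alone, next to a replacement that draws from the operating system's CSPRNG. The function names weakToken(), microtimeString(), clockDerivedUsec() and strongToken() are hypothetical.

```php
<?php
// Added example, not code from the original post.
// All function names here are hypothetical.

// The pattern from the post: the clock is the only input.
function weakToken(): string
{
    return md5(microtime());
}

// microtime() with no argument returns "0.UUUUUU00 SSSSSSSSSS":
// the fraction to 8 decimals, a space, then the Unix second.
function microtimeString(int $sec, int $usec): string
{
    return sprintf('0.%06d00 %d', $usec, $sec);
}

// Reviewer's check: given a token and the second it was issued in
// (known from your own logs), is it just a hashed clock reading?
// There are at most 1,000,000 candidates per second.
function clockDerivedUsec(string $token, int $sec): ?int
{
    for ($usec = 0; $usec < 1000000; $usec++) {
        if (hash_equals(md5(microtimeString($sec, $usec)), $token)) {
            return $usec;
        }
    }
    return null;
}

// Replacement: 128 bits from the OS CSPRNG (PHP 7.0+). Same length
// and alphabet as the md5() output, so it fits the same field.
function strongToken(): string
{
    return bin2hex(random_bytes(16));
}

$start = time();
$weak  = weakToken();
// The second may roll over between time() and microtime(); try both.
$usec = clockDerivedUsec($weak, $start) ?? clockDerivedUsec($weak, $start + 1);
var_dump($usec);                                   // microsecond recovered from the hash
var_dump(clockDerivedUsec(strongToken(), $start)); // no clock reading matches
```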

If you wonder about the definition of random, I think Wikipedia is doing quite a good job at it.


2 Responses to Random You Say! Oh, Really…

1
Comment by hogge | 2008/12/09 at 22:36:54

I remember from university that my computer science prof (Dr. of theoretical astrophysics) always said that “the generation of truly random numbers is one of the challenges that computer science has yet to tackle”.

2
Comment by Nordenfelt | 2008/12/09 at 22:39:05

That is true, there’s always an algorithm somewhere that can be predicted. A truly random number doesn’t exist as far as I know, but this example is just silly.
