PHP srand problems with suhosin

December 13, 2010
By

Today I stumbled across an odd problem which took me about an hour to figure out what was going on. It had to do with mt_srand(), where it looked like it didn’t work properly. I needed a repeatable sequence of random numbers (which is EXACTLY what the Mersenne Twister produces) so I used mt_srand() with a fixed number (for testing purposes) and tried to see if the same sequence of random values were generated by mt_rand()..  It didn’t…

It turns out that the problem is the suhosin-patch, which comes standard with the Debian php install. It actually ignores any mt_srand() or srand() calls you make and initializes the randomizer by itself. The good thing about that is you don’t have to worry about seeding the algorithm (but then again, you really shouldn’t worry about it anyway) and it’s a great way to keep yourself shooting in the foot by issues a fixed number to srand() which 9 out of 10 times is NOT what you want. However, there ARE times you need to produce the same random string over and over again for whatever reason (in my case, for benchmarking multiple algorithms which need the same sequence of random data).

Fixing is very easy: to change suhosin’s behaviour you have to add this to your php.ini, or htaccess file:

and after a restart your pseudo random sequencer works just as intended. Make sure you place this inside your /etc/php5/cli/php.ini as well if you are using srand() or mt_srand() on the command line as well.





Share

Tags: , ,

4 Responses to PHP srand problems with suhosin

  1. April 5, 2012 at 11:21

    Many thanks for this. The srand-behaviour of my server changed abrupt and with this all is good again ;-)