dangerous to be sure, but it's also a technically valid seed, are you sure we should disallow a valid seed?
On Thu, 4 Aug 2022 at 20:33, Tim Düsterhus <t...@bastelstu.be> wrote: > Hi > > On 8/4/22 10:09, Anton Smirnov wrote: > > xoshiro** has a known edge case: all-zero seed > > Indeed, good catch. I had that in mind, but forgot about it. > > > <?php > > > > $engine = new \Random\Engine\Xoshiro256StarStar(str_repeat("\0", 32)); > > > > while (true) { > > echo hex2bin($engine->generate()), PHP_EOL; // 0000000000000000 > > } > > > > It should be documented and/or handled > > > > It's only for a string seed, int seed is not affected > > > > I've created a PR here: > > https://github.com/php/php-src/pull/9250 > > I've opted to throw a ValueError in that case, as that's the only safe > option that does not introduce a bias. > > The 32xNUL seed basically should only happen for manually written > testing input and not happen otherwise. An actual random seed will > result in 32 NUL bytes with just a 2**-256 chance and when relying on > the implicit CSPRNG seeding (`null` as seed parameter) my PR will just > retry to catch even that edge case. > > Best regards > Tim Düsterhus > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > >