Difference Between mt_rand() and rand()

Difference between mt_rand() and rand()

Update

Since PHP 7.1 mt_rand has superseded rand completely, and rand was made an alias for mt_rand. The answer below focuses on the differences between the two functions for older versions, and the reasons for introducing mt_rand.



Speed was not why mt_rand was introduced!

The rand function existed way before mt_rand, but it was deeply flawed. A PRNG must get some entropy, a number from which it generates a sequence of random numbers. If you print out a list of ten numbers that were generated by rand() like so:

for ($i = 0; $i < 10; ++$i)
    echo rand(), PHP_EOL;

The output can be used to work out what the rand seed was, and with it, you can predict the next random numbers. There are tools out there that do this, so google a bit and test it.

There's also an issue with rand relatively quickly showing patterns in its random numbers as demonstrated here. A problem mt_rand seems to solve a lot better, too.

mt_rand uses a better randomization algorithm (Mersenne Twister), which requires more random numbers to be known before the seed can be determined and is faster. This does not mean that mt_rand is, by definition, faster than rand is; this only means that the way the numbers are generated is faster, and appears to have no real impact on the function's performance, as other answers here have demonstrated.

Either way, have a look at the mt_srand and the srand docs. I'm sure they'll contain some more info.

If mt_rand's algorithm translates into an increase in performance, then that's great for you, but it's a happy coincidence. TL;DR:

mt_rand was introduced to fix the problems that exist in rand!

Is mt_rand() more secure than rand()

Directly from the docs:

This function does not generate cryptographically secure values, and should not be used for cryptographic purposes. If you need a cryptographically secure value, consider using openssl_random_pseudo_bytes() instead.

mt_rand generates better random numbers than rand, and much faster. But that doesn't make it "secure" in the sense that it should be used for cryptography. Whether it's secure enough for your application is pretty subjective.

What's the disadvantage of mt_rand?

mt_rand uses the Mersenne Twister algorithm, which is far better than the LCG typically used by rand. For example, the period of an LCG is a measly 2^32, whereas the period of mt_rand is 2^19937 − 1. Also, all the values generated by an LCG will lie on lines or planes when plotted into a multidimensional space. Also, it is not only practically feasible, but relatively easy to determine the parameters of an LCG. The only advantage LCGs have is being potentially slightly faster, but on a scale that is completely irrelevant when coding in PHP.

However, mt_rand is not suitable for cryptographic purposes (generation of tokens, passwords or cryptographic keys) either.

If you need cryptographic randomness, use random_int in PHP 7. On older PHP versions, read from /dev/urandom or /dev/random on a POSIX-conforming operating system.
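
An added example, not part of the original answers: a token built from mt_rand beside the random_int form and the /dev/urandom fallback recommended above. The function names and the seed value are constructed for illustration; the functions are written without scalar type declarations so the fallback also parses on older PHP.

```php
<?php
// Added example; function names and the seed value are constructed for illustration.

// Weak: every character is derived from the Mersenne Twister state, so anyone
// who learns or guesses the seed can regenerate the whole token.
function weak_token($length)
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[mt_rand(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Hardened (PHP 7+): random_int() draws from the operating system's CSPRNG.
function secure_token($length)
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $token = '';
    for ($i = 0; $i < $length; $i++) {
        $token .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $token;
}

// Older PHP on a POSIX system: read the bytes from /dev/urandom directly.
function urandom_hex($bytes)
{
    $fh = fopen('/dev/urandom', 'rb');
    if ($fh === false) {
        throw new RuntimeException('cannot open /dev/urandom');
    }
    stream_set_read_buffer($fh, 0); // avoid pulling a full buffer of unused bytes
    $raw = fread($fh, $bytes);
    fclose($fh);
    if ($raw === false || strlen($raw) !== $bytes) {
        throw new RuntimeException('short read from /dev/urandom');
    }
    return bin2hex($raw);
}

mt_srand(12345);                     // constructed seed
$first = weak_token(16);
mt_srand(12345);                     // same seed again
var_dump($first === weak_token(16)); // compare the two tokens

echo secure_token(16), PHP_EOL;
echo urandom_hex(16), PHP_EOL;
```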

PHP rand() vs. random_int()

Revisiting the question and seeing there's been an answer given, I find it's only fair that I submit my comments to an answer, seeing they were submitted before.

The manual on PHP 7's random_int() function states:

"Returns a cryptographically secure random integer in the range min to max, inclusive."

  • http://php.net/manual/en/function.random-int.php

and for rand()

"This function does not generate cryptographically secure values"

  • http://php.net/manual/en/function.rand.php

OP's comment:

"@Fred-ii- thank you. But what does "cryptographically secure pseudo-random" mean? – NDFA"

That can be found in the following links as per my findings:

  • https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator

Which states:

A cryptographically secure pseudo-random number generator (CSPRNG) or cryptographic pseudo-random number generator (CPRNG)[1] is a pseudo-random number generator (PRNG) with properties that make it suitable for use in cryptography.


  • How does a cryptographically secure random number generator work?

In regards to performance, you will need to run a benchmark yourself.

Random value options

Note that mt_rand() and rand() are just for generating random numbers.

From the Manual: mt_rand — Generate a better random value

From the Manual: rand — Generate a random integer

For your array you can use array_rand() to get a random value.

Example:

$myarrayofnames = ["Marcelle","Caroll","Kristina","Tisha","Filomena","Vesta","Josphine"];
$randomNo = array_rand($myarrayofnames,1);
echo $myarrayofnames[$randomNo]; // this will print the random value

If you want only a single value from your array, then you can just pass 1 as the second param.

If you want more than one value from your array, then you can pass a number as per your array index count. In this case array_rand() will return an array.

If you want to learn about the Difference between mt_rand() and rand()

Calling rand/mt_rand on forked children yields identical results

That is because all children start with the same state (fork() duplicates the code and data segments). And since rand and mt_rand are pseudorandom generators, they will all generate the same sequence.

You will have to re-initialize the random generator, for example with the process/thread ID or read a few bytes from /dev/urandom.
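
An added example, not part of the original answer: forked children reporting one mt_rand() value each, first with the inherited state and then after reseeding in the child. It assumes the pcntl extension (PHP CLI on a POSIX system) and PHP 7+ for random_int(); forked_values() and the temp-directory layout are constructed for illustration.

```php
<?php
// Added example; needs the pcntl extension (PHP CLI, POSIX) and PHP 7+ for random_int().
// forked_values() and the temp-directory layout are constructed for illustration.

// Fork $n children, let each report one mt_rand() value, and return the values.
function forked_values($n, $reseed)
{
    $dir = sys_get_temp_dir() . '/fork_demo_' . getmypid() . '_' . (int) $reseed;
    mkdir($dir, 0700);
    mt_rand(); // parent uses the generator, so seeded state exists before fork()

    $pids = [];
    for ($i = 0; $i < $n; $i++) {
        $pid = pcntl_fork();
        if ($pid === -1) {
            throw new RuntimeException('fork failed');
        }
        if ($pid === 0) {
            // Child: starts with a copy of the parent's generator state.
            if ($reseed) {
                // Reseed from the OS CSPRNG; a PID alone is easy to guess.
                mt_srand(random_int(0, PHP_INT_MAX));
            }
            file_put_contents("$dir/$i", (string) mt_rand());
            exit(0);
        }
        $pids[] = $pid;
    }
    foreach ($pids as $pid) {
        pcntl_waitpid($pid, $status); // wait until every child has written its value
    }

    $values = [];
    for ($i = 0; $i < $n; $i++) {
        $values[] = (int) file_get_contents("$dir/$i");
        unlink("$dir/$i");
    }
    rmdir($dir);
    return $values;
}

$inherited = forked_values(4, false);
$reseeded  = forked_values(4, true);
echo 'inherited state: ', count(array_unique($inherited)), ' distinct of 4', PHP_EOL;
echo 'reseeded:        ', count(array_unique($reseeded)), ' distinct of 4', PHP_EOL;
```

Where the value is security-relevant (tokens, keys), have each child call random_int() directly instead of reseeding mt_rand.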

Is rand() time-dependent in php?

rand() and also mt_rand() call srand() and mt_srand() to always produce random results.
But here's an interesting post on php.net:

Note that the automatic seeding seems to be done with the current
number of seconds which means you can get the same results for several
runs on a fast server. Either call srand() yourself with a more
frequently changing seed or use mt_rand() which doesn't appear to
suffer from the problem.

So, just call srand more frequently or mt_rand.

mt_rand and rand not changing on page reload

You have a server side cache for your PHP script response:

HTTP/1.1 200 OK
Date: Sun, 08 Oct 2017 20:17:58 GMT
Content-Type: text/html
Vary: Accept-Encoding
X-Varnish: 291144118 290391078
Age: 7
X-Cache: HIT
X-Cache-Hits: 5
Accept-Ranges: bytes
Connection: keep-alive

Disable the cache in your server configuration or ask the administrator to do so.


