Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/paragonie/seedspring

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG)
https://github.com/paragonie/seedspring

Last synced: about 2 months ago
JSON representation

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG)

Host: GitHub
URL: https://github.com/paragonie/seedspring
Owner: paragonie
License: mit
Created: 2015-12-22T18:47:16.000Z (over 8 years ago)
Default Branch: master
Last Pushed: 2024-05-08T16:50:03.000Z (4 months ago)
Last Synced: 2024-07-27T08:22:33.204Z (about 2 months ago)
Language: PHP
Size: 28.3 KB
Stars: 39
Watchers: 7
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # seedspring

[![Build Status](https://github.com/paragonie/seedspring/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/seedspring/actions)

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG) (**Requires PHP 7 or [random_compat](https://github.com/paragonie/random_compat)**)

## Security Warning

This is not meant to replace `random_bytes()`. Think of this as an improvement

to `srand()` + `rand()`. **Do not use this for security purposes.**

## Installing

```sh

composer require paragonie/seedspring

```

### Usage

```php

use \ParagonIE\SeedSpring\SeedSpring;

// For example

$sharedSeed = str_repeat("\x80", 16);

$rng = new SeedSpring($sharedSeed);

$data = $rng->getBytes(1024);

$int = $rng->getInt(1, 100);

```

### Motivation

A cryptographically secure pseudorandom number generator, such as `random_int()`,

is wonderful for security purposes. However, there are situations where you need

to generate a deterministic, pseudorandom byte stream on two devices from a

shared seed. (e.g. something like Minecraft's world generator).

PHP's native seedable (and insecure) RNGs, `rand()` and `mt_rand()`, only 

support a 32-bit integer seed, which severely limits the possible outputs. Our

deterministic RNG supports up to 2^128 possible outputs, since it's based on a

128-bit block cipher.

Our implementation uses AES-128-CTR to turn a finite, 128-bit key into an

practically endless stream of random bytes. 

It will repeat after 2^132 bytes of output. You should consider rekeying after 

2^66 bytes.

For anything security-sensitive, you should rekey after 2^39 bytes. This is

because the probability of predicting successive blocks becomes unacceptably

high for security operations.