[RESOLVED] Random numbers method Question

Rivet

Hi all,

If I'm in the wrong place, feel free to redirect me; no problem.

I've been thinking about, and discussing with a few people, two different ways to use mt_rand() and though it's sort of a philosophical question(IMO), thought I'd ask it here.

Is there any difference in security w/r to the following two methods; e.g. is one more "secure" than the other?

Using say,

$a= mt_rand(-999999, 999999);

to generate a 6 digit code?

OR using:

 
  $x= mt_rand(-999,9999);
   $y= mt_rand(-999,999);
   $z= mt_rand(-999,850);
  ...
   $a=($a.$b.$c... (various other operations adding random $, #, etc.);

Most think the second method is superior but several others argue the point.

The good thing about the second method, IMO, is:
1. It makes the number much easier to read by humans when they have to enter it into an Input box.
2. It creates a differing number of dashes on each runs and so far after over a thousand runs recorded, never repeats a number or sequence.
3. The length of the variable is also random.
4. And unlike captcha, it's easy to read by humans.

But is all that code for naught? Is it anymore secure than just the random number?

:quiet:Thanks for any opinions you have have,

Rivet`

NogDog

As presented here, the second method is more "secure" in that it generates a larger range of numbers: 10 digits versus the 6 digits in the first method.

Rivet

NogDog;11031221 wrote:
As presented here, the second method is more "secure" in that it generates a larger range of numbers: 10 digits versus the 6 digits in the first method.

Yeah; I should have been more careful and made the two examples with the same length codes.

Thanks for the response though!

Rivet`

Rivet

Just to clarify an error I made: let's assume the first method is:

$a= mt_rand(0, 9999999999);

instead of the
<code>$a= mt_rand(-999999, 999999);</code>

used in the original post.

All other things being equal, it's the methodology I'm interested in comparing, so the string lengths should have been the same to begin with.

Rivet`

laserlight

I suggest that you first define your requirements. What is permitted for this "6 digit code"? From there, you can then describe an algorithm for each of the two methods that you have in mind, along with a correct reference implementation for discussion.

Rivet

laserlight;11031367 wrote:
I suggest that you first define your requirements. What is permitted for this "6 digit code"? From there, you can then describe an algorithm for each of the two methods that you have in mind, along with a correct reference implementation for discussion.

I'll do my best:

Requirements:
pick the more secure implementation of a random number from two choices I have. Avoid Captcha type codes, etc. along with their un-readability and so forth.
Method 1: A simple mt_rand generation of a ten digit code.
Method 2: A more complex code generation using a concatenation of 3 mt_rand generated codes, using for instance, (-999, 999) for the range.
Each code thus can have a length of 1 to 3 digits, with possible negative digits, placing a "_" almost randomly within the digits. Min length would thus be 3, and max of 9 except when all negative, and # characters total becomes 12.
Never allow an access without having to use a new code; coded that way. Failure anywhere send the user back to the first page of the form where each load shows a new number to be used.

Permitted within the code:
Digit strings ONLY. Specifically nothing but a digit is allowed within the input box. Anything else stops the code in its tracks but does show a link to "start over" with the initial entry page, although all data is gone and sessions closed, etc.

I don't know what you mean by a "correct reference implementation" for discussion. If you mean the code, it's

Method 1:
$d=mt_rand(0, 999);

Method 2:

$a= mt_rand(-999,9999);
   $b= mt_rand(-999,999);
   $c= mt_rand(-999,850);
   $d=($a.$b.$c);
	$_SESSION["d"] = $d;
	$e = substr_count($d, '-');
	$_SESSION["e"] = $e;
	   echo "<h2><b>Your Temporary Code is : " . $d . "</b></H2>";
?>

There are other things I do to that code, but they aren't relevant to the question being asked: Is there a functional difference between the two w/r to Security from hackers, crackers, bot, etc. etc. The input code is also well filtered and protected but that's again not the question being asked.

Thanks much for the comeback,

Rivet`:quiet:

laserlight

Sorry if this comes across as nitpicking, but you are inconsistent:

Rivet wrote:
Method 1: A simple mt_rand generation of a ten digit code.

Rivet wrote:
Method 1:
$d=mt_rand(0, 999);

mt_rand(0, 999) would produce a number that has 1 to 3 digits in decimal representation.

Likewise:

Rivet wrote:
Method 2: A more complex code generation using a concatenation of 3 mt_rand generated codes, using for instance, (-999, 999) for the range.

Rivet wrote:
Digit strings ONLY. Specifically nothing but a digit is allowed within the input box. Anything else stops the code in its tracks but does show a link to "start over" with the initial entry page, although all data is gone and sessions closed, etc.

If "-100" might be part of a valid code, yet the user is only permitted to enter digits, then the user can never enter that valid code.

Anyway, I gather that your idea here is to provide a one time use code to the user to access a protected page (or a collection of pages). You are not interested in checking that the user is a "real human" rather than a bot, hence a CAPTCHA is not desired. Perhaps you will send the code to the user by email, or a phone message, etc.

Your question, if I understand it correctly, boils down to asking if three calls to mt_rand is more secure than one for this purpose. I would say no: if the attacker knows the state of the PRNG, he/she can figure out the code, whether you use one call to mt_rand or three. If the attacker does not know the state of the PRNG, then he/she would not be able to figure out the code even with just one call to mt_rand, assuming that you use a sufficiently large range and make a brute force attack difficult, e.g., by limiting the number of unsuccessful tries within a time period.

Rivet

laserlight;11031405 wrote:
Sorry if this comes across as nitpicking, but you are inconsistent:

mt_rand(0, 999) would produce a number that has 1 to 3 digits in decimal representation.

Which I changed in a followup to my own OP to Indicate 10 digits. You must have missed it, or maybe I misspoke somehow.

Likewise:

If "-100" might be part of a valid code, yet the user is only permitted to enter digits, then the user can never enter that valid code.

Wrong: -22 IS a digit! The same way 22 is actually +22. If the user sees "12345-67899, then that is the resultant concatenation of the digits, for example. Technically it might be 1234 and 567 and -899; -899 IS a digit, and is accepted as one! The examples come from WORKING CODE. "-899" is about a thousand digits away from "899". And the code plus filtering etc. ALL works perfectly.

Anyway, I gather that your idea here is to provide a one time use code to the user to access a protected page (or a collection of pages). You are not interested in checking that the user is a "real human" rather than a bot, hence a CAPTCHA is not desired. Perhaps you will send the code to the user by email, or a phone message, etc.

Yes, it is to protect some pages, and:
In the first place, nowadays captchas have actual applications designed to crack them in short order. I also, like many people, don't like captcha because it keeps out as many actual humans as it does bots etc.. In reality my code is developed around the captcha, similar to it, but without the graphic and hard-to-read codes. It's an animal that's past its time, IMO.
In the second place, you're only seeing a single point of the overall process and I'm very interested in seeing that the visitor is human and nothing else. Besides, that comment goes outside the scope of the question and isn't what I asked about.

Your question, if I understand it correctly, boils down to asking if three calls to mt_rand is more secure than one for this purpose. I would say no: if the attacker knows the state of the PRNG, he/she can figure out the code, whether you use one call to mt_rand or three. If the attacker does not know the state of the PRNG, then he/she would not be able to figure out the code even with just one call to mt_rand, assuming that you use a sufficiently large range and make a brute force attack difficult, e.g., by limiting the number of unsuccessful tries within a time period.

Basically, yes, but with qualifiers and different implementations that incorporates negative numbers in place of a single positive digit as most people use. Also, using 3 mt_rands or more, and concatening them makes it easier for the user to enter a long sequence of digits by visually adding the negative numbers to the mix. Thus allowing for more digits to be used. And, it's entered on the opening page, not on the last page as chaptcha does, notifying the user of a mistake before he's entered all of his data, only to lose everything due to an inability to get along with captcha.

If you think I'm being inconsistent, then so be it. But I've done my best to make things clear. Over in my now favorite NEWSGROUP, there were no responses like I get here at all. They were able to immediately grasp my intent and provide meaningful questions in a couple of cases and came back with valid, consistent and useful opinions of the two methods.
I've come to think that your and others' responses here serve no purpose other than to lengthen the thread, which is the only purpose a few of you seem to serve. You NEVER ask for clarification or verification if you don't understand something and NEVE take the time to read everything before you start your speed-responses.
In addition to the above, I also wonder is some of the various names here aren't actually the same person: The persona's are way too similar to be different people.

Actually, if you'd like to do something productive, see about adding a forum for Security to the ones that already exist; that's really what this question was about before you began to side track it, and I clearly indicated that it was about security.

Yes, I've been brutal but ... that's how I am. Otherwise I'd give up this forum instead of realizing it just isn't all that good with posters like you & Brad & a couple others around. You do have some good responders, but I also suspect you keep them under your thumb.

Regards,

Rivet`

laserlight

Rivet wrote:
Wrong: -22 IS a digit!

It isn't. Expressing it in BNF notation, a "digit" is canonically one of these symbols:

digit ::= 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

at least in the default decimal representation, though the term is also used when representing numbers in other bases, in which case the set of symbols would be different. Consequently, -22 is not a digit. You could say it is a number or more precisely an integer. Likewise, it seems to me that when you say '"-899" is about a thousand digits away from "899"', you actually mean to say that '-899 is about a thousand integers away from 899' (with respect to a number line).

I think the miscommunication here is that when you say "digit", you don't mean it in the usual sense, but rather you are using it to mean a distinct part of the code that the user should enter, e.g.,
[1234] - [5678] - [-7789]
in which case the numeric strings in brackets each form a distinct part of the code. However, if this is so, then you should be more clear as to what you mean by a "ten digit code". Wouldn't you call mt_rand ten times, i.e., once to produce each of the ten parts of the code?

Rivet wrote:
In the second place, you're only seeing a single point of the overall process and I'm very interested in seeing that the visitor is human and nothing else. Besides, that comment goes outside the scope of the question and isn't what I asked about.

I think that is in the scope of the question because whether something is secure depends on what you are trying to protect. For example, if you are providing the user with the code by email, then a bot can defeat this if you are using it as a CAPTCHA just by parsing the contents of the email.

Rivet wrote:
Basically, yes, but with qualifiers and different implementations that incorporates negative numbers in place of a single positive digit as most people use. Also, using 3 mt_rands or more, and concatening them makes it easier for the user to enter a long sequence of digits by visually adding the negative numbers to the mix. Thus allowing for more digits to be used.

That would be increasing the number of possible codes while not significantly increasing the amount that the user has to type. This would make it more secure with respect to a brute force guessing attempt.

Rivet wrote:
And, it's entered on the opening page, not on the last page as chaptcha does, notifying the user of a mistake before he's entered all of his data, only to lose everything due to an inability to get along with captcha.

If you're using it as a CAPTCHA, then it is a CAPTCHA, even if it doesn't use some fancy image with embedded text. Note that you can always save the data even if the user only enters it at the end, only processing the form on success. So, having the user lose what was entered is more a bug than a feature of a CAPTCHA system to protect a form.

Rivet wrote:
Over in my now favorite NEWSGROUP, there were no responses like I get here at all. They were able to immediately grasp my intent and provide meaningful questions in a couple of cases and came back with valid, consistent and useful opinions of the two methods.
I've come to think that your and others' responses here serve no purpose other than to lengthen the thread, which is the only purpose a few of you seem to serve. You NEVER ask for clarification or verification if you don't understand something and NEVE take the time to read everything before you start your speed-responses.
In addition to the above, I also wonder is some of the various names here aren't actually the same person: The persona's are way too similar to be different people.

I am certainly not masquerading as a bunch of different people. Like the other people responding here, I'm a volunteer. I have taken the time to read your posts, and I did my best to understand them, but because I found what you wrote to be inconsistent, I pointed it out for you to clarify. Your accusations are unwarranted and hurtful to someone who has tried to help you, so I am going to stop attempting to help you.

If you are so sure that your "now favorite NEWSGROUP" is so much better at helping you than the community here, go ahead and ask for help there. That is the sensible thing to do, after all.

Rivet

laserlight;11031405 wrote:
Sorry if this comes across as nitpicking, but you are inconsistent:

mt_rand(0, 999) would produce a number that has 1 to 3 digits in decimal representation.

Likewise:

If "-100" might be part of a valid code, yet the user is only permitted to enter digits, then the user can never enter that valid code.

You need to try the code yourself. A negative number is not the same as an unsigned number; it's a different number and expressed differently.
"-" is NOT a separate entity; it's part of the number and the user enters it as such. This is silly.

Anyway, I gather that your idea here is to provide a one time use code to the user to access a protected page (or a collection of pages). You are not interested in checking that the user is a "real human" rather than a bot, hence a CAPTCHA is not desired. Perhaps you will send the code to the user by email, or a phone message, etc.

Already answered. You have NO idea how the entry is used nor what it's final form is. It wasn't part of the question either.

Your question, if I understand it correctly, boils down to asking if three calls to mt_rand is more secure than one for this purpose. I would say no: if the attacker knows the state of the PRNG, he/she can figure out the code, whether you use one call to mt_rand or three. If the attacker does not know the state of the PRNG, then he/she would not be able to figure out the code even with just one call to mt_rand, assuming that you use a sufficiently large range and make a brute force attack difficult, e.g., by limiting the number of unsuccessful tries within a time period.

I assume by "PRNG" you actually mean is "DRBG", but again, that was not the question. I am aware of the acronyms.
And, I do appreciate your response that no, it's not more secure.

Question: How would the attacker know the state of the PRNG?
Anything to do with it is accomplished server-side with the exception of the user's input and viewing that code, it should be a lot harder to figure out what the PRNG is without some good tools, and that would take a lot longer to accomplish, which, due to the site's contents isn't likely to interest anyone but say a college kid or hobbyist; there's just nothing useful to anyone other than the audience it's intended for. However, there being several colleges nearby there are always "tests" going on to see who can break a code first. So far I've caught every single attempt, all were from colleges, and I managed to get their accounts closed on them for the effort. One other one from India was just a probe and never returned; that was about 6 months ago.
My actual intent is to present an easy to use system for particular demographic set of people (who are coming up on their 50th high school reunion, BTW, so most are pretty much technically ignorant.
I'm fully aware there is no such thing as 100% secure and with the right tools any code can be broken, so that's not the issues.
All activity on the site is recorded and reported, so no access goes unnoticed.

I'm happy to have your opinion and it's so recorded, but I do wish you had stuck to the subject more and provided some ballpark reasoning behind your response. So far, the 2nd method has the blessing of most responses and they've been quite candid in their reasoning.

I'm busy the rest of the afternoon so I may not respond very promptly today. But I will always respond to posts that are deserving on one.

Regards,

Rivet`

laserlight

Right, so you're still willing to respond properly rather than just diss me.

Rivet wrote:
And, I do appreciate your response that no, it's not more secure.

Yes, but don't forget my caveat about making a brute force attack difficult as my response was specifically concerning the difference between one call to mt_rand and three consecutive calls, without any other context. If not, drastically increasing the number of possible codes by having a longer code via calling mt_rand more times to generate a code with many portions will be more secure. Your code is effectively a password with specific constraints, so the general idea about having longer passwords and rate limiting for increased security applies.

Rivet wrote:
Question: How would the attacker know the state of the PRNG?
Anything to do with it is accomplished server-side with the exception of the user's input and viewing that code, it should be a lot harder to figure out what the PRNG is without some good tools, and that would take a lot longer to accomplish

Since Mersenne Twister is not cryptographically secure, an attacker can discover the state of the PRNG by observing a sufficient amount of output from the PRNG. As you say, since the PRNG is being used on the server side, doing this in practice is difficult.

Weedpacket

laserlight wrote:
Since Mersenne Twister is not cryptographically secure, an attacker can discover the state of the PRNG by observing a sufficient amount of output from the PRNG. As you say, since the PRNG is being used on the server side, doing this in practice is difficult.

Though providing output based on three consecutive values potentially exposes more about the state than just one.

If the random number generation needs to be "cryptographically secure", then consider checking to see if [man]openssl_random_pseudo_bytes[/man] is available and not broken. But for the given purpose that may well be overkill.

For starting a sequence with

$a= mt_rand(-999,9999);

, half of the possible codes start with [font=monospace]-[/font], but the program will generate one less than ten percent of the time. Among those that don't, there's a strong bias against starting a code with [font=monospace]0[/font] (1 in 10999 as opposed to 1222 in 10999); no sequence starts with [font=monospace]-0[/font] and only one (in that part of the sequence) starts with [font=monospace]0[/font]. All up, just under 10% percent of the sequences generated will start with [font=monospace]-[/font], less than 0.1‰ start with [font=monospace]0[/font], with the remainder being divided evenly among [font=monospace]1[/font], [font=monospace]2[/font], [font=monospace]3[/font], [font=monospace]4[/font], [font=monospace]5[/font], [font=monospace]6[/font], [font=monospace]7[/font], [font=monospace]8[/font], [font=monospace]9[/font].

From

$a= mt_rand(-999,850);

there is a bias in the last pair of characters (a sequence is more likely to end with [font=monospace]27[/font] than [font=monospage]72[/font], for example - and both are more likely than one ending with [font=monospace]05[/font], and the remaining 90.9+%

For the originally-listed advantages of the second method, they're all cosmetic and can be achieved by generating a sequence of digits of some length and then interpolating hyphens at random positions.

Rivet

laserlight;11031417 wrote:
Right, so you're still willing to respond properly rather than just diss me.

Sure, no problem. If you felt dissed I was really trying to get you to go to the question itself and that's all. It also wasn't meant specifically for "you", but more the aggregate of a few other responders in general.
I don't hold grudges, I don't bother to "get even" even when I do feel wronged, and my worst problems are probably animosity or speaking my mind, but speaking my mind at least lets a person know where they stand, even if it's only my opinion.

Yes, but don't forget my caveat about making a brute force attack difficult as my response was specifically concerning the difference between one call to mt_rand and three consecutive calls, without any other context. If not, drastically increasing the number of possible codes by having a longer code via calling mt_rand more times to generate a code with many portions will be more secure. Your code is effectively a password with specific constraints, so the general idea about having longer passwords and rate limiting for increased security applies.

I appreciate your comments, thanks. It's become about the general consensus in my little "circle" here too. I know I need to get more accurate with my OPs here and avoid the silly comparison I made here; I had so many test files I grabbed code from the wrong one in this case. I guess I'd call myself semi-experienced but no guru by a long shot:0.

Since Mersenne Twister is not cryptographically secure, an attacker can discover the state of the PRNG by observing a sufficient amount of output from the PRNG. As you say, since the PRNG is being used on the server side, doing this in practice is difficult.

So true.

Regards,

Rivet`

Weedpacket

Rivet wrote:
Sure, no problem. If you felt dissed I was really trying to get you to go to the question itself and that's all.

But then you went and said:

... though it's sort of a philosophical question(IMO), thought I'd ask it here.

and

Thanks for any opinions you have have,

which pretty much opens the field to wider discussion and opinions about underlying principles.

Rivet

Originally Posted by Rivet

Sure, no problem. If you felt dissed I was really trying to get you to go to the question itself and that's all.

But then you went and said:
...though it's sort of a philosophical question(IMO), thought I'd ask it here.

I still do think it's philosophical; some think 1 method, some the other. If you're asking me to figure out why you took it to mean something it didn't mean to you, well, I can't really do that. I see where you're coming from I think, but ... I guess I gotta get more thoughtful about it here. Strangely enough it wasn't an issue in the other place I posted my query.

and
Thanks for any opinions you have have,

which pretty much opens the field to wider discussion and opinions about underlying principles

True enough, but IMO, you were pretty vague in how you handled it, and made no effort at clear confirmation and verification of none of the things you wanted to know to get clarity of the situation. Rather than ask a question of any kind it seems to me like you just went ahead and worked all around the query itself talking about other things you must have assumed I wouldn't know about, but in fact I did.
While I understand I think, to prevent you from posting some of the things you did would have required practically writing a book and that was not my intent. Everything came from working code as I said, and I had no wish to get anything but opinions on which of the two methods might be better than the other or just "make-work" that wasn't going to help much of anything. Had I not made the error in my OP, it probably would have been simpler, but as I said, all I was looking for was whether anyone else saw any increased security between the two methods. It's a matter of security in itself to not state the exact finalized code and how it was accomplished when it was going to be posted in the clear for the whole world to see. I feel I succeeded in that and managed to miff you in the process. Sorry 'bout that; it wasn't my intent.

Cheers & Regards,

Rivet`

Weedpacket

Rivet wrote:
Rather than ask a question of any kind it seems to me like you just went ahead and worked all around the query itself talking about other things you must have assumed I wouldn't know about, but in fact I did.

One question: are you looking to see who you're replying to?

Rivet

Weedpacket;11031471 wrote:
One question: are you looking to see who you're replying to?

Yes. And? It doesn't matter who you are: It's what you DO that makes you great or not. But that has little to do with whether you garner respect or not NOW.

If you have a specific question you'd like to ask, go ahead and do so. Personally I think we've been off topic and beating a dead horse for long enough, don't you? personally I know you're experienced and respect that. Your interpersonal skills however are seemingly nil and non-existent. I also admit you did give a well structured response to my query too, but it could have occurred a lot sooner if you'd made an effort to clarify & verify at all. It's just not the way to do things. In fact you seem to relish looking down on those less experienced than you. I've read the stickies and as far as I'm concerned I stuck to them.

You're welcome to respond, but if you can't figure out how to ask what it is you really want, there is little point to it.

Regards,

Rivet`😕

laserlight

You might want to do some introspection because "your interpersonal skills however are seemingly nil and non-existent".

Weedpacket

Rivet wrote:
If you have a specific question you'd like to ask, go ahead and do so.

Why do you think I'm "miffed"? You're the one who has admitted to being hostile.