Does anyone know what's the randomness of PHP's `shuffle()`

function? Does it depend on the operating system?
Does it use PHP's own seeder?

Is it possible to use `mt_rand()`

as generator?

Asked 7 Months ago Answers: 5 Viewed 28 times

Does anyone know what's the randomness of PHP's `shuffle()`

function? Does it depend on the operating system?
Does it use PHP's own seeder?

Is it possible to use `mt_rand()`

as generator?

30

Its better to use an array to achieve this.

```
$options = array(
'Option One',
'Option Two',
'Option Three',
'Option Four'
);
//Shuffle the array
shuffle($options);
```

You can access the options like this (The order will be random);

```
$options[0];
$options[1];
$options[2];
$options[3];
```

Wednesday, March 31, 2021

answered 7 Months ago

91

The first user post under the `shuffle`

documentation:

Shuffle associative and non-associative array while preserving key, value pairs. Also returns the shuffled array instead of shuffling it in place.

```
function shuffle_assoc($list) {
if (!is_array($list)) return $list;
$keys = array_keys($list);
shuffle($keys);
$random = array();
foreach ($keys as $key) {
$random[$key] = $list[$key];
}
return $random;
}
```

Test case:

```
$arr = array();
$arr[] = array('id' => 5, 'foo' => 'hello');
$arr[] = array('id' => 7, 'foo' => 'byebye');
$arr[] = array('id' => 9, 'foo' => 'foo');
print_r(shuffle_assoc($arr));
print_r(shuffle_assoc($arr));
print_r(shuffle_assoc($arr));
```

Wednesday, June 9, 2021

answered 5 Months ago

31

How random is `crypto.randomBytes()`

? Usually, **random enough for whatever purpose you need**.

`crypto.randomBytes()`

generates *cryptographically secure* random data:

## crypto.randomBytes(size[, callback])

Generates

cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate.

This means that the random data is secure enough to use for encryption purposes. In fact, the function is just a wrapper around OpenSSL's `RAND_bytes()`

function. This part of their documentation states:

RAND_bytes will fetch cryptographically strong random bytes. Cryptographically strong bytes are suitable for high integrity needs, such as long term key generation. If your generator is using a software algorithm, then the bytes will be pseudo-random (but still cryptographically strong).

Unless you have a hardware random number generator, the bytes will be *pseudo-random*â€”generated predictably from a seed value. The seed is generated from an OS-specific source (`/dev/urandom`

on Unix-like systems, `CryptGenRandom`

on Windows). As long as your *seed* is relatively random and not known to an attacker, the data produced will appear totally random.

If you like, you could perform the test described here:

Given any arbitrary sequence of binary digits it is possible to examine it using statistical techniques. There are various suites of statistical tests available such as STS (Statistical Test Suite) available from NIST's RANDOM NUMBER GENERATION page. This suite provides a number of different tests including:

- The Frequency (Monobit) Test: Checks whether the proportion of 0s and 1s in a given sequence are approximately as one would expect
- The Runs Test: Tests whether the number of runs of consecutive identical digits of varying lengths within a given sequence is as expected
- The Longest Run of Ones in a block: Confirms whether the longest single run of ones within a sequence is as would be expected

That would give you a very good indication on how random *your generator* is on your system. Rest assured, though, that it's likely to be virtually indistinguishable from a truly random source, so it should be sufficiently random for nearly any application.

Thursday, July 1, 2021

answered 4 Months ago

90

Whether `Random`

is sufficiently reliable for your statistical tests will depend on the context in which you intend to use it.

Having said that, I have written several pieces of Delphi code that need to do proper statistics, and have used `Random`

e.g. for obtaining various null distributions, data pseudo-replications and resamplings. So far, I have not come across any case in my own code where `Random`

would have yielded biased or unreliable results, or results which would have precluded its use for the intended statistical test. But what holds for my code does not necessarily have to hold for yours.

If in doubt, you could of course statistically analyse the results of calls to `Random`

(e.g. in R, SPSS, etc.) and examine whether the distribution of results violate the distributional requirements for your particular statistical test(s). [If you're a proper scientist, this is what you should do anyway.]

Should you need other PRNGs - e.g. the TPMath library contains some. (For more involved things, there's also the option of calling elaborate statistical functions from R via Delphi.)

Tuesday, August 10, 2021

answered 3 Months ago

Only authorized users can answer the question. Please sign in first, or register a free account.

`shuffle()`

function is based on the same generator as`rand()`

, which is the system generator based on linear congruential algorithm. This is a fast generator, but with more or less randomness. Since PHP 4.2.0, the random generator is seeded automatically, but you can use`srand()`

function to seed it if you want.`mtrand()`

is based on Mersenne Twister algorithm, which is one of the best pseudo-random algorithms available. To shuffle an array using that generator, you'd need to write you own shuffle function. You can look for example at Fisher-Yates algorithm. Writing you own shuffle function will yield to better randomness, but will be slower than the builtin shuffle function.