Is PHP’s mt_rand function insecure on every platform?
I was going through this article, https://www.ambionics.io/blog/php-mt-rand-prediction, which claims that if we use mt_rand(), we can get the seed value using two values instead of brute forcing.
In the article it says:
The first step in generating random numbers using mt_rand() is to use a seed, an unsigned int, to generate a state array of 624 values. This is done by either calling mt_srand($seed) or automatically, by PHP, upon requesting the first random number. After this, each call to mt_rand() will take the next state value, scramble it, and return it to the user.
My question: Is mt_rand() completely insecure, or is it platform dependent as well? For example, when I call mt_rand(), the seeding state array of 624 values that will be created on my computer is different. If Person B calls mt_rand() with the same seed value, the output state will be different. How come then we both get the same random number?
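
The seeding step described in the quoted passage, written out as an added Python example (not code from the question or the linked article). It follows the reference MT19937 algorithm; that PHP 7.1+ mt_rand() matches it apart from a final one-bit right shift is an assumption, and all function names are illustrative.

```python
# Added illustration: reference 32-bit MT19937, the generator behind mt_rand().
# Every step is integer arithmetic on the seed; no machine-specific input is used.
N, M = 624, 397
MASK32 = 0xFFFFFFFF

def seed_state(seed):
    """Expand one unsigned 32-bit seed into the 624-word state array."""
    state = [seed & MASK32]
    for i in range(1, N):
        prev = state[-1]
        state.append((1812433253 * (prev ^ (prev >> 30)) + i) & MASK32)
    return state

def twist(state):
    """Regenerate all 624 words in place (standard MT19937 reload)."""
    for i in range(N):
        y = (state[i] & 0x80000000) | (state[(i + 1) % N] & 0x7FFFFFFF)
        state[i] = state[(i + M) % N] ^ (y >> 1) ^ (0x9908B0DF if y & 1 else 0)
    return state

def temper(y):
    """The 'scramble' applied to a state word before it is returned."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32

def outputs(seed, count):
    """First `count` 32-bit outputs for a seed (count <= 624)."""
    state = twist(seed_state(seed))
    return [temper(word) for word in state[:count]]

def php_style_outputs(seed, count):
    # Assumption: PHP 7.1+ mt_rand() with no arguments returns the
    # 32-bit output shifted right by one bit (a 31-bit value).
    return [value >> 1 for value in outputs(seed, count)]

if __name__ == "__main__":
    seed = 5489  # constructed sample seed
    # Two independent runs stand in for two different computers.
    person_a = php_style_outputs(seed, 3)
    person_b = php_style_outputs(seed, 3)
    print(person_a, person_a == person_b)
```

For tokens or other secrets, PHP provides random_int() and random_bytes(), which draw from the operating system's CSPRNG.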