

PHP's mt_rand() cracked - quchen
http://www.openwall.com/lists/announce/2013/11/04/1

======
vernie
I'm not sure if I understand the significance of this post. Is PHP's
implementation of the Mersenne twister more insecure than others? MT was never
meant to be a secure PRNG, this is mentioned everywhere, usually in bold.

~~~
McGlockenshire
While nobody in their right mind would ever use it as a secure PRNG, who knows
how often it's being used to generate randomness in a place where being able
to predict the randomness would open up a non-cryptographic security
vulnerability.

