PHP random_int seeding

Question

As of PHP7, a new function was introduced for PRNG: random_int (http://php.net/manual/en/function.random-int.php)

There is no information in the PHP manual related to the seeding of this function, nor I could find anything related to this online using Google.

Can I set the seed manually like it was possible with PHP srand or PHP mt_srand? Or I have no control over this? Or is the seeding done automatically and secure by the operating system?

Answer 1

Can I set the seed manually like it was possible with PHP srand or PHP mt_srand?

nope.

Or I have no control over this?

correct (ish - on linux systems you can use the RNDADDENTROPY ioctl to seed the random generator from which practically everything on the entire system, including php, derives its cryptographically secure random bytes, but you probably don't want to do that, and it requires root)

Or is the seeding done automatically and secure by the operating system?

correct, on Linux generated by the getrandom() api (which is basically the same as reading from /dev/random and /dev/urandom ), and on Windows it's generated through the BCryptGenRandom() api using BCRYPT_RNG_ALGORITHM, and on OpenBSD & FreeBSD it uses arc4random_buf() api all 3 of which provides photographically secure random bytes, the relevant source code can be found at https://github.com/php/php-src/blob/bb6f374048bc0b4203e4fec7fd4e887519f663d6/ext/standard/random.c and https://github.com/php/php-src/blob/169805777c17892865ae462ae0a0895344a7fd3c/win32/winutil.c