I know that it is encouraged to use mt_rand() over rand() because it uses the Mersenne Twister over whatever PRNG rand() uses, but here's something that never seems to be factored in: user activity.
In fact, the actions of users can be considered pretty random. For instance, at any given moment, there might be a 4% chance a user might trigger a rand() call for one feature, an 8% chance of a user triggering three rand() calls and a shuffle(), a 20% chance of a user triggering two rand() calls, and every time a user loads a page the PRNG advances by one.
After all, isn't NPC movement what makes RNG-abuse in Pokémon games so frustrating?
So, bearing in mind that, while rand() does have its patterns, is the randomness of the users' activities and the variety of uses of rand() enough to make rand()'s shortcomings irrelevant? In absolute terms, mt_rand() is "more random". But how does this compare to the entropy of the human element?
If you assume calls to rand() are generated by human users at random times, then I guess your logic is correct.
However, imagine a bot that sends the same requests every X seconds (at night hours, not interrupted by human calls) or a simple script that runs for a given amount of time and runs rand() one by one. Then you cannot fully depend on randomness.
Comment from php.net:
Note that the automatic seeding seems to be done with the current number of seconds which means you can get the same results for several runs on a fast server. Either call srand() yourself with a more frequently changing seed or use mt_rand() which doesn't appear to suffer from the problem.
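As an added example (not part of the original question or answers): a PHP sketch of the two points raised above, that a seed taken from the clock's whole seconds repeats across requests, and that draws consumed by other activity only shift the position in a fixed sequence, so the uncertainty is no larger than the window of plausible seeds and positions. The timestamp, the window sizes and the function names `draws_after` and `locate_state` are constructed for the illustration; for values that must be unpredictable, PHP provides random_int().

```php
<?php
// Added illustration: srand()/rand() seeded from whole seconds, as in the
// php.net comment quoted above. All constants below are constructed.

// Seed, discard $skip draws (other users' activity), then return $count draws.
function draws_after(int $seed, int $skip, int $count): array
{
    srand($seed);
    for ($i = 0; $i < $skip; $i++) {
        rand();
    }
    $out = [];
    for ($i = 0; $i < $count; $i++) {
        $out[] = rand();
    }
    return $out;
}

// Try every (seed, skip) pair in a window and return the one that reproduces
// the observed draws, or null if none does.
function locate_state(array $observed, int $from, int $to, int $maxSkip): ?array
{
    $n = count($observed);
    for ($seed = $from; $seed <= $to; $seed++) {
        $stream = draws_after($seed, 0, $maxSkip + $n);
        for ($skip = 0; $skip <= $maxSkip; $skip++) {
            if (array_slice($stream, $skip, $n) === $observed) {
                return ['seed' => $seed, 'skip' => $skip];
            }
        }
    }
    return null;
}

$second = 1700000000;   // constructed request time, in whole seconds

// 1. Two requests handled in the same second get the same sequence.
echo 'same second, same draws: ';
var_export(draws_after($second, 0, 5) === draws_after($second, 0, 5));
echo PHP_EOL;

// 2. 137 draws of "user activity" only move the position in that sequence.
$observed = draws_after($second, 137, 3);
$found = locate_state($observed, $second - 60, $second + 60, 500);
echo 'located: ', json_encode($found), PHP_EOL;

// 3. The whole uncertainty is the size of the search window.
printf("window = %d states (%.1f bits)\n", 121 * 501, log(121 * 501, 2));
```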
But how does this compare to the entropy of the human element?
I imagine this scenario:
- A game with some thousands of users.
- For some reason, every X minutes, you should set a random value for each user (given in the same order every time).
Due to a pseudo-random function, it is more probable that user XXX and user YYY always have the same distance, because one of the problems of pseudo-random is that an area can be "more" predictable after a sufficient number of cycles.
Source: https://stackoverflow.com/questions/14246206/is-phps-rand-function-really-so-bad