By Norman Yue, Chief Technical Officer
Originally published: http://wordswithcomputers.wordpress.com/2014/07/02/breaking-lcg_value/
One of the things I do, under the guise of OWASP Sydney Chapter Lead, is run a weekly workshop – every week, a small group of people get together to work on some security topics ranging from reverse engineering to web-based wargames, followed by security chit-chat over dinner.
Recently, at one of these get togethers, a (very smart) friend pointed me to PHP’s lcg_value function.
First looked at by samy in 2010, lcg_value is a PHP pseudo-random number generator, which generates a random 64-bit floating point. To cut a long story short, this function works as follows (variable names taken from samy’s lcg_state_forward.c): Continue reading