Fix issue #759 : The output of the hash generators is misleading #880
Conversation
md5(), sha1() and sha256() generators is misleading
kcassam
changed the title
kcassam
changed the title
|
This change is incorrect, because it prevents seeding when using these functions, whereas the previous implementation was seedable. |
…ge the full output space of the respective hashes
@TimWolla I have corrected, seeding is OK now and I added some new test to garantee seedibility. I don't know if this is considered as BC and if this is OK. |
There was a problem hiding this comment.
Other than that bias remark I suspect that using ext/bcmath is a non-starter for this library.
I'm also not sure whether it's worth fixing the issue with the current architecture of FakerPHP. The fix is likely going to be pretty ugly when relying on the pre-PHP 8.2 standard library. See also: #15 (comment)
src/Provider/Miscellaneous.php
Outdated
| return array_reduce(range(1, $n), static function ($carry, $item) { | ||
| return bcmul($carry, self::numberBetween()); | ||
| }, '1'); |
There was a problem hiding this comment.
This function is heavily biased, which is easy to see by performing an exhaustive search for a smaller number range:
<?php
for ($a = 0; $a < 16; $a++)
for ($b = 0; $b < 16; $b++)
for ($c = 0; $c < 16; $c++)
@$results[$a * $b * $c]++;
var_dump($results);If any of the multiplied numbers is zero, the result will also be zero, which makes zero the most likely result. But the others are not uniformly distributed either:
|
Thanks for the reviews @TimWolla. I have another idea, I will submit it later on. |
|
@TimWolla Alternatively, to avoid any BC, we could keep the legacy methods without modifying them and create new ones with a slightly different name and with the new behavior, for example : We could use |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 1 week if no further activity occurs. Thank you for your contributions. |
|
@TimWolla hi, is it possible to review this PR ? |
md5(), sha1() and sha256() generators is misleading
What is the reason for this PR?
Author's checklist
Summary of changes
In order to leverage the full output space of the respective hashes, I use the the function random_bytes($length)
In order to keep those functions seedable, I add a $seed parameter that can be used to pass a parameter so that the function will always return the same hash given the same seed.
When this one is merged, I can take car of #761
Review checklist
CHANGELOG.md