随机森林和gbdt哪个更好
Random values are crucial in computer programming for developing secure systems that are not vulnerable to malicious subversion. Cryptography, for example, relies on the generation or random values and their reproducibility for unpredictable output. Random values also play a fundamental role in many secure PHP applications, and many libraries and frameworks rely on them for generating tokens, salts, and as input for other functions.
随机值在计算机编程中对于开发不容易受到恶意颠覆的安全系统至关重要。 例如,密码学依赖于生成或随机值及其再现性,以产生不可预测的输出。 随机值在许多安全PHP应用程序中也起着基本作用,许多库和框架都依赖于它们来生成令牌,盐以及作为其他函数的输入。
A random number generator is an algorithm that generates a sequence of seemingly random numbers. The input value for initializing such an algorithm is known as the initial state, or the seed. The seed may be random data value or a known value.
随机数生成器是一种生成看似随机数序列的算法。 用于初始化这种算法的输入值称为初始状态或种子。 种子可以是随机数据值或已知值。
In this article I’ll give you an overview of what random values are used for and why they’re important, as well as a peek under the hood of how they’re generated.
在本文中,我将向您概述随机值的用途以及为什么它们很重要,以及如何生成随机值的概述。
随机值的使用 (The Use of Random Values)
Random values in PHP are very important as they are used for a wide variety of purposes. Secure coding practices require that certain things such as CSRF tokens, API keys, authorization nonces, password reset tokens, and other such things be created with a great amount of unpredictability. They should be created in a way that is very hard for anyone to guess.
PHP中的随机值非常重要,因为它们用于多种用途。 安全编码实践要求创建某些东西,例如CSRF令牌,API密钥,授权随机数,密码重置令牌以及其他类似的东西,而这些东西具有很大的不可预测性。 应该以任何人都很难猜到的方式创建它们。
Some of the important uses for random values are:
随机值的一些重要用途是:
Generation of salts for cryptography – A salt is a random value that is used as input to an encryption function, usually a one-way function, for hashing passwords. This random data is referred to as the initialization vector for encryption.
用于加密的盐的生成 –盐是一个随机值,用作加密函数(通常是单向函数)的输入,用于散列密码。 该随机数据被称为用于加密的初始化向量。
Generation of unique identifiers such as Session IDs – PHP is used in the development of many great web applications that require security and persistence for the users. PHP enables building customized applications and more appealing websites with its session support which, through the use of session IDs, provides a way to preserve certain data across subsequent request.
诸如会话ID之类的唯一标识符的生成 – PHP用于开发许多要求用户安全和持久的大型Web应用程序。 PHP通过会话支持来构建自定义应用程序和更具吸引力的网站,该会话支持通过使用会话ID提供一种在后续请求中保留某些数据的方法。
Generation of hard-to-guess tokens/nonces for authorization – many PHP applications are required to make API calls to other applications and systems. Such calls will often require the use of authorization tokens rather than sending user credentials over the network. Using hard-to-guess tokens is thus very important, and random values play a role in generating these tokens to ensure security.
生成难以猜测的令牌/随机数以进行授权 -需要许多PHP应用程序才能对其他应用程序和系统进行API调用。 这样的呼叫通常需要使用授权令牌,而不是通过网络发送用户凭据。 因此,使用难以猜测的令牌非常重要,并且随机值在生成这些令牌以确保安全性方面发挥着作用。
随机值生成 (Random Value Generation)
To generate random values for such uses, PHP uses pseudo-random number generators. The algorithms available are:
为了产生用于此类用途的随机值,PHP使用了伪随机数生成器。 可用的算法为:
Linear Congruential Generator (LCG), used when you call the
lcg_value()function.The Marsenne-Twister algorithm, more commonly used and is used when the
mt_rand()function is called.Marsenne-Twister算法 ,更常用,在调用
mt_rand()函数时使用。The
rand()function which is a locally-supported C function.rand()函数是本地支持的C函数。
These algorithms do not generate actual random numbers, but numbers which are distributed in a way that approximates real random numbers. The algorithm is seeded with a random value for generation of the pseudorandom sequence.
这些算法不会生成实际的随机数,而是会以近似于实际随机数的方式分布数字。 用随机值播种该算法,以生成伪随机序列。
播种发电机 (Seeding the Generator)
Seeding is the initialization of the random number generator using a number or vector which is known as the seed. The integrity of the seed value is very important with pseudorandom generators since the same set of pseudo-random values will be generated when run multiple times with the same seed. If an attacker gets the seed, he can predict the future output sets.
播种是使用称为种子的数字或向量初始化随机数生成器。 种子值的完整性对于伪随机数生成器非常重要,因为当使用同一种子多次运行时,将生成同一组伪随机值。 如果攻击者获得了种子,他可以预测未来的输出集。
In PHP, the random data for seeding the random number generator can be obtained in two ways. One way is using the mt_srand() function to manually set the seed. This way is mainly used in legacy systems, or unit testing seemingly random series. The second way of getting the seed is to let PHP generate it automatically. This is the most preferred way and mainly used in the newer versions of PHP (4.2 and beyond). An algorithm reinitializes the seed so that the same seed is not used over and over again is used with the Mersenne Twister algorithm.
在PHP中,可以通过两种方式获得用于播种随机数生成器的随机数据。 一种方法是使用mt_srand()函数手动设置种子。 这种方法主要用于遗留系统或看似随机序列的单元测试中。 获得种子的第二种方法是让PHP自动生成它。 这是最优选的方法,主要用于更新版本PHP(4.2及更高版本)中。 一种算法会重新初始化种子,因此不会重复使用同一种子与Mersenne Twister算法。
PHP uses other means of getting a high quality seed for generation of random values for use in non-trivial tasks such as encryption. The means is supplied through the operating system platform that PHP running on. Thus, PHP requires running on an operating system that supplies the initial seed.
PHP使用其他方法来获取高质量种子,以生成随机值以用于非平凡任务(例如加密)。 该方法通过运行PHP的操作系统平台提供。 因此,PHP需要在提供初始种子的操作系统上运行。
On Linux platforms, the seed is accessed from < code>/dev/urandom using the mcrypt_create_iv() or openssl_pseudo_random_bytes() functions. Windows provides a cryptographically secure pseudo-random generator that can be accessed using extensions that provide the openssl_pseudo_random_bytes() and the mcrypt_create_iv() functions.
在Linux平台上,可使用mcrypt_create_iv()或openssl_pseudo_random_bytes()函数从<代码> / dev / urandom访问种子。 Windows提供了一种加密安全的伪随机生成器,可以使用提供openssl_pseudo_random_bytes()和mcrypt_create_iv()函数的扩展程序来访问该伪随机生成器。
结论 (Conclusion)
Because random values are very important for security applications as well as achieving various programming tasks, the use of high-quality seeds for the generators is a factor that a programmer should always have in mind. The use of just any seed for non-trivial tasks such as password hashing may result in a high security risk. Ensure the use of strong random generators and high quality seeds.
因为随机值对于安全应用程序以及完成各种编程任务非常重要,所以为生成器使用高质量的种子是程序员应始终牢记的一个因素。 对于非平凡的任务(例如密码哈希)仅使用任何种子都可能导致很高的安全风险。 确保使用强随机发生器和高质量种子。
Image via Fotolia
图片来自Fotolia
随机森林和gbdt哪个更好
1613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
