PHPackages                             paragonie/seedspring - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Utility &amp; Helpers](/categories/utility)
4. /
5. paragonie/seedspring

ActiveLibrary[Utility &amp; Helpers](/categories/utility)

paragonie/seedspring
====================

Seeded, deterministic random number generator

v1.2.1(2y ago)38198.6k↓18%41MITPHPPHP &gt;= 5.6CI failing

Since Dec 22Pushed 2y ago4 watchersCompare

[ Source](https://github.com/paragonie/seedspring)[ Packagist](https://packagist.org/packages/paragonie/seedspring)[ RSS](/packages/paragonie-seedspring/feed)WikiDiscussions master Synced yesterday

READMEChangelog (7)Dependencies (4)Versions (8)Used By (1)

seedspring
==========

[](#seedspring)

[![Build Status](https://github.com/paragonie/seedspring/actions/workflows/ci.yml/badge.svg)](https://github.com/paragonie/seedspring/actions)

Seeded, Deterministic PRNG (based on AES-CTR instead of LCG) (**Requires PHP 7 or [random\_compat](https://github.com/paragonie/random_compat)**)

Security Warning
----------------

[](#security-warning)

This is not meant to replace `random_bytes()`. Think of this as an improvement to `srand()` + `rand()`. **Do not use this for security purposes.**

Installing
----------

[](#installing)

```
composer require paragonie/seedspring
```

### Usage

[](#usage)

```
use \ParagonIE\SeedSpring\SeedSpring;

// For example
$sharedSeed = str_repeat("\x80", 16);

$rng = new SeedSpring($sharedSeed);

$data = $rng->getBytes(1024);
$int = $rng->getInt(1, 100);
```

### Motivation

[](#motivation)

A cryptographically secure pseudorandom number generator, such as `random_int()`, is wonderful for security purposes. However, there are situations where you need to generate a deterministic, pseudorandom byte stream on two devices from a shared seed. (e.g. something like Minecraft's world generator).

PHP's native seedable (and insecure) RNGs, `rand()` and `mt_rand()`, only support a 32-bit integer seed, which severely limits the possible outputs. Our deterministic RNG supports up to 2^128 possible outputs, since it's based on a 128-bit block cipher.

Our implementation uses AES-128-CTR to turn a finite, 128-bit key into an practically endless stream of random bytes.

It will repeat after 2^132 bytes of output. You should consider rekeying after 2^66 bytes.

For anything security-sensitive, you should rekey after 2^39 bytes. This is because the probability of predicting successive blocks becomes unacceptably high for security operations.

###  Health Score

40

—

FairBetter than 86% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity46

Moderate usage in the ecosystem

Community17

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 62.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~509 days

Recently: every ~752 days

Total

7

Last Release

786d ago

Major Versions

v0.3.0 → v1.0.02016-11-18

PHP version history (3 changes)0.1.0PHP ^7.0.0

v0.3.0PHP ^5.6.0|^7.0.0

v1.2.0PHP &gt;= 5.6

### Community

Maintainers

![](https://www.gravatar.com/avatar/05d241256cda885139a5697d3bb536b5cec3b430c1adb9c524bf92a37a55758d?d=identicon)[paragonie-scott](/maintainers/paragonie-scott)

---

Top Contributors

[![paragonie-scott](https://avatars.githubusercontent.com/u/11591518?v=4)](https://github.com/paragonie-scott "paragonie-scott (20 commits)")[![paragonie-security](https://avatars.githubusercontent.com/u/15914520?v=4)](https://github.com/paragonie-security "paragonie-security (12 commits)")

###  Code Quality

TestsPHPUnit

Static AnalysisPsalm

Type Coverage Yes

### Embed Badge

![Health badge](/badges/paragonie-seedspring/health.svg)

```
[![Health](https://phpackages.com/badges/paragonie-seedspring/health.svg)](https://phpackages.com/packages/paragonie-seedspring)
```

###  Alternatives

[phpseclib/phpseclib

PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.

5.6k465.6M1.5k](/packages/phpseclib-phpseclib)[spomky-labs/otphp

A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator

1.5k50.3M168](/packages/spomky-labs-otphp)[oat-sa/tao-core

TAO core extension

66143.7k122](/packages/oat-sa-tao-core)[hidehalo/nanoid-php

A copy of nanoid in PHP

8144.8M56](/packages/hidehalo-nanoid-php)[web-auth/webauthn-lib

FIDO2/Webauthn Support For PHP

12310.5M135](/packages/web-auth-webauthn-lib)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

515100.5k3](/packages/web-auth-webauthn-framework)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
