randombit/phpseclib-rng

## phpseclib-rng
PHPSeclib's backup PRNG (if no mcrypt extension or /dev/urandom) is nominally X9.31

https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/Random.php#L241

except it uses CTR mode (or RC4!?) rather than ECB mode:

https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/Random.php#L191

So the first time through the loop,

i = E(1) ^ microtime()
r = E(2) ^ i ^ v = E(2) ^ E(1) ^ microtime() ^ v // this is output
v = E(3) ^ r ^ i = E(3) ^ E(2) ^ v

Note how E(1) is cancelled out in v - this is actually good news as it means that we
will not be able to XOR in later r's to cancel it out. So the security devolves to AES CTR.

However given that the intent was to implement X9.31, this seems to have happened merely by luck.
	PHPSeclib's backup PRNG (if no mcrypt extension or /dev/urandom) is nominally X9.31

	https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/Random.php#L241

	except it uses CTR mode (or RC4!?) rather than ECB mode:

	https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Crypt/Random.php#L191

	So the first time through the loop,

	i = E(1) ^ microtime()
	r = E(2) ^ i ^ v = E(2) ^ E(1) ^ microtime() ^ v // this is output
	v = E(3) ^ r ^ i = E(3) ^ E(2) ^ v

	Note how E(1) is cancelled out in v - this is actually good news as it means that we
	will not be able to XOR in later r's to cancel it out. So the security devolves to AES CTR.

	However given that the intent was to implement X9.31, this seems to have happened merely by luck.