PHP 7 introduced, for the first time, simple and consistent functions for obtaining good-quality pseudo-random values from within PHP applications. But many applications written for earlier PHP versions, or still supporting them, use other methods to generate random values, with mixed results.
Such home-cooked methods often use unsuitable pseudo-random generators and seeding methods. We will take a look at the weird and wonderful methods developers have used in common open-source applications such as WordPress and Magento. After digging down into the PHP source to find out what the underlying functions actually rely on, we will put on our hacking hats and try to break an example application that uses bad randomness.



Carlos Ortega at 15:26 on 22 Feb 2017

Enlightening talk about the hidden and yet extremely important aspects of day-to-day decisions that shouldn't be taken carelessly. I would personally like to see more of this.

Ben Longden at 15:55 on 22 Feb 2017

Kinda crazy once you scratch the surface of how some of these functions work (off the back of random number generation). Nice presentation and the demos worked out. Cheers Nat!

Good talk, with a great delivery. Working examples were also a nice touch.