Randomness is really important in many cryptographic contexts. Unfortunately, true randomness is a non-trivial achievement for computers. In fact, using weak sources of randomness can leave your application open to myriad vulnerabilities. Enter a good cryptographically secure pseudorandom number generator (CSPRNG).

We’ll discuss the importance of using good sources of randomness, the CSPRNG options we had in PHP 5, and how the new-goodness CSPRNG functions in PHP 7 work under the hood.


Comments are closed.

Brian Johnson at 16:59 on 17 Oct 2018

Easily one of the best presentations of the conference. Great info, and never a dull moment.

So awesome! Really great explanations that worked for crypto experts as well as those who were not.

Ben Roberts at 11:25 on 19 Oct 2018

Sammy's talk on the importance of sufficiently random input to application security was insightful and entertaining. Also, it didn't hurt to have been on the receiving end of a give-a-way of one of the rare PHP Elephants by PHP Roundtable!