M A R C H 1 8 T H , 2 0 1 7
JOURNEY
MY
CENTER
TO
THE
OF
S A M M Y K A Y E P O W E R S
@SammyK #mwphp17 joind.in/talk/01835
Slide 2
Slide 2 text
SCARY!
INTERNALS IS
http://saint-max.deviantart.com @SammyK #mwphp17 joind.in/talk/01835
Slide 3
Slide 3 text
I don’t know C!
Internals is scary!
I don’t know what I’m doing!
Slide 4
Slide 4 text
BOOKS ON PHP 7 INTERNALS:
THIS PAGE INTENTIONALLY LEFT BLANK
@SammyK #mwphp17 joind.in/talk/01835
Slide 5
Slide 5 text
BUBBLE
MY
1998-2013
@SammyK #mwphp17 joind.in/talk/01835
Slide 6
Slide 6 text
LARACON
2014
NEW YORK
PHP|TEK CHICAGO
@SammyK #mwphp17 joind.in/talk/01835
Slide 7
Slide 7 text
PHP|TEK
HACK-A-THON
CONTRIBUTE TO PHP
@SammyK #mwphp17 joind.in/talk/01835
Slide 8
Slide 8 text
I don’t know what I’m doing!
@SammyK #mwphp17 joind.in/talk/01835
Slide 9
Slide 9 text
ELIZABETH
SMITH
DERICK
RETHANS
Slide 10
Slide 10 text
@SammyK #mwphp17 joind.in/talk/01835
Slide 11
Slide 11 text
ANTHONY
FERRARA
@SammyK #mwphp17 joind.in/talk/01835
Slide 12
Slide 12 text
CONTRIBUTION
MY FIRST
Slide 13
Slide 13 text
this is a table…
@SammyK #mwphp17 joind.in/talk/01835
Slide 14
Slide 14 text
I love tabs!
this is a table…
Spaces is where it’s at! I’m trying to upgrade bison
I added array_column()
Have you used Docker?
Licensing in FOSS is important
Let’s have a PGP key signing party!
JavaScript is weird
Slide 15
Slide 15 text
I love tabs!
this is a table…
Spaces is where it’s at! I’m trying to upgrade bison
I added array_column()
Have you used Docker?
Licensing in FOSS is important
Let’s have a PGP key signing party!
JavaScript is weird
rand(); mt_rand();
AUTO SEEDING USING
TIMESTAMP
+ A FEW OTHER VARIABLES
CSPRNG
@SammyK #mwphp17 joind.in/talk/01835
Slide 41
Slide 41 text
No content
Slide 42
Slide 42 text
No content
Slide 43
Slide 43 text
No content
Slide 44
Slide 44 text
No content
Slide 45
Slide 45 text
AUTO SEEDING USING
TIMESTAMP
+ A FEW OTHER VARIABLES
@SammyK #mwphp17 joind.in/talk/01835
Slide 46
Slide 46 text
No content
Slide 47
Slide 47 text
CSPRNG’S
USE BETTER SEEDS
@SammyK #mwphp17 joind.in/talk/01835
Slide 48
Slide 48 text
No content
Slide 49
Slide 49 text
CSPRNG OPTIONS IN
5.x
openssl_random_pseudo_bytes()
mcrypt_create_iv()
/dev/*random
@SammyK #mwphp17 joind.in/talk/01835
Slide 50
Slide 50 text
CSPRNG OPTIONS IN
5.x
openssl_random_pseudo_bytes()
mcrypt_create_iv()
/dev/*random
@SammyK #mwphp17 joind.in/talk/01835
Slide 51
Slide 51 text
openssl_random_pseudo_bytes()
https://wiki.openssl.org/index.php/Random_fork-safety
Since the UNIX fork() system call
duplicates the entire process state, a
random number generator which does not
take this issue into account will produce
the same sequence of random numbers in
both the parent and the child […], leading
to cryptographic disaster…
“
Slide 52
Slide 52 text
openssl_random_pseudo_bytes()
https://wiki.openssl.org/index.php/Random_fork-safety
OpenSSL cannot fix the fork-
safety problem because its not in
a position to do so. However,
there are [solutions] available
and they are listed below.
“
Slide 53
Slide 53 text
openssl_random_pseudo_bytes()
https://wiki.openssl.org/index.php/Random_fork-safety
Don't use
RAND_bytes
“
Slide 54
Slide 54 text
openssl_random_pseudo_bytes()
https://wiki.openssl.org/index.php/Random_fork-safety
Instead, you can read directly
from /dev/random,
/dev/urandom or
/dev/srandom; or use
CryptGenRandom on Windows
systems.
“
Slide 55
Slide 55 text
CSPRNG OPTIONS IN
5.x
openssl_random_pseudo_bytes()
mcrypt_create_iv()
/dev/*random
@SammyK #mwphp17 joind.in/talk/01835
Slide 56
Slide 56 text
mcrypt_create_iv()
Slide 57
Slide 57 text
mcrypt_create_iv()
Slide 58
Slide 58 text
mcrypt_create_iv()
Slide 59
Slide 59 text
CSPRNG OPTIONS IN
5.x
openssl_random_pseudo_bytes()
mcrypt_create_iv()
/dev/*random
@SammyK #mwphp17 joind.in/talk/01835
Slide 60
Slide 60 text
/dev/*random
Slide 61
Slide 61 text
CSPRNG OPTIONS IN
5.x
openssl_random_pseudo_bytes()
mcrypt_create_iv()
/dev/*random
@SammyK #mwphp17 joind.in/talk/01835
THE PROCESS
FIN
@SammyK #mwphp17 joind.in/talk/01835
Slide 105
Slide 105 text
RFC
WORKING IMPLEMENTATION
ANNOUNCE TO INTERNALS
CHECKLIST
@SammyK #mwphp17 joind.in/talk/01835
Slide 106
Slide 106 text
RFC
WORKING IMPLEMENTATION
ANNOUNCE TO INTERNALS
CHECKLIST
✓
@SammyK #mwphp17 joind.in/talk/01835
Slide 107
Slide 107 text
RFC
WORKING IMPLEMENTATION
ANNOUNCE TO INTERNALS
CHECKLIST
✓
✓
@SammyK #mwphp17 joind.in/talk/01835
Slide 108
Slide 108 text
RFC
WORKING IMPLEMENTATION
ANNOUNCE TO INTERNALS
CHECKLIST
✓
✓
x
@SammyK #mwphp17 joind.in/talk/01835
Slide 109
Slide 109 text
RFC
WORKING IMPLEMENTATION
ANNOUNCE TO INTERNALS
CHECKLIST
✓
✓
x
PHP internals is scawy!
Slide 110
Slide 110 text
Everyone is smarter than
me - I’ll be a laughingstock!
Everyone is mean -
look at scalar type-
hints drama!
Slide 111
Slide 111 text
Let’s do this sh… stuff!
Slide 112
Slide 112 text
No content
Slide 113
Slide 113 text
No content
Slide 114
Slide 114 text
LATER
…TWO WEEKS
Slide 115
Slide 115 text
No content
Slide 116
Slide 116 text
No content
Slide 117
Slide 117 text
@SammyK #mwphp17 joind.in/talk/01835
Slide 118
Slide 118 text
@SammyK #mwphp17 joind.in/talk/01835
Slide 119
Slide 119 text
JOURNEY
MY
CENTER
TO
THE
OF
IT’S LIKE EATING
@SammyK #mwphp17 joind.in/talk/01835
Slide 120
Slide 120 text
LEARNED
WHAT I
I don’t know what I’m doing!
HOW
FEATURES ARE ADDED TO
PHP
THE CULTURE OF PHP INTERNALS
BETTER AT C & C++
DEEPER UNDERSTANDING OF CSPRNG’S
BINARY AND HEXADECIMAL NUMBER SYSTEMS
HOW
TO
CONTRIBUTE TO
THE PHP DOCS
AND TONS MORE!
Slide 121
Slide 121 text
I STILL have no idea what I’m doing!
Slide 122
Slide 122 text
SCARY!
INTERNALS IS
http://saint-max.deviantart.com @SammyK #mwphp17 joind.in/talk/01835
Slide 123
Slide 123 text
SCARY!
INTERNALS IS
http://saint-max.deviantart.com
not
^
@SammyK #mwphp17 joind.in/talk/01835
Slide 124
Slide 124 text
COMMUNITY
LOVING
@SammyK #mwphp17 joind.in/talk/01835
Slide 125
Slide 125 text
I N T E R N A L S N E E D S
YOU SOURCE
BUGS WEBSITE
TESTS
@SammyK #mwphp17 joind.in/talk/01835