Talk given at php[tek] 2018

What is random? If you think about it, describing randomness is quite difficult; and so is generating random numbers for computers. If you get it wrong, you can open your app to serious security exploits.

Unfortunately true randomness is a non-trivial achievement for computers. In fact, using weak sources of randomness can leave your application open to myriad vulnerabilities. Enter: a good cryptographically secure pseudorandom number generator (CSPRNG).

We'll discuss the importance of using good sources of randomness, the CSPRNG options we had in PHP 5.x, and how the new CSPRNG functions in PHP 7 work under the hood. Learn how to get it right in this talk about PHP's cryptographically secure RNG.

May 31, 2018