Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Get Random: Under the Hood of PHP 7's CSPRNG - PNWPHP 2017

Sammy Kaye Powers
September 08, 2017
Programming
0
410

Let's Get Random: Under the Hood of PHP 7's CSPRNG - PNWPHP 2017

Talk given at Pacific Northwest PHP 2017

Randomness is really important in many cryptographic contexts. Unfortunately true randomness is a non-trivial achievement for computers. In fact, using weak sources of randomness can leave your application open to myriad vulnerabilities. Enter: a good cryptographically secure pseudorandom number generator (CSPRNG). We'll discuss the importance of using good sources of randomness, the CSPRNG options we had in PHP 5.x, and how the new-goodness CSPRNG functions in PHP 7 work under the hood.

Sammy Kaye Powers

September 08, 2017
Tweet

More Decks by Sammy Kaye Powers

See All by Sammy Kaye Powers
Going Bare - Writing The Web Without A Framework - Longhorn PHP 2019
sammyk
1
890
Going bare - writing the web without a framework - php[world] 2018
sammyk
0
470
The Debug Dance - An Intro To Step Debugging - php[world] 2018
sammyk
0
1k
Let's get random: Under the hood of PHP 7's CSPRNG - ZendCon & OpenEnterprise 2018
sammyk
0
1.1k
The debug dance: An intro to step debugging - ZendCon & OpenEnterprise 2018
sammyk
1
300
Going Bare - Writing the web without a framework - Cascadia PHP 2018
sammyk
0
350
Let's Get Random - Under The Hood of PHP 7's CSPRNG - php[tek] 2018
sammyk
0
210
Writing Tests For PHP Source - ZendCon 2017
sammyk
1
1.1k
Going Bare - Writing the web without a framework - ZendCon 2017
sammyk
2
330

Other Decks in Programming

See All in Programming
複雑性に立ち向かうためのサーバーサイドコード分割 / JJUG CCC 2023 Spring
hirokunimaeta
1
300
Managing State Beyond ViewModels and Hilt
vrallev
1
380
LlamaIndex で Text-to-SQL 100 本ノック!
os1ma
2
810
ユニットテストを学んだ次に知りたかったApple標準APIに対するテストのやり方
ojun9
1
200
シン・リッチエディタ徹底解説
microcms
1
600
Mackerel のアクセシビリティ改善事例
azukiazusa1
0
460
Revisiting TypeProf - IDE support as a primary feature
mame
1
840
Jetpack Compose Debugging to fix performance problems
yucamm124
0
450
CloudWatchLogsが個人情報保護の盲点になっていませんか?
shoheihosaka
0
170
Unexplored Region - parse.y -
yui_knk
2
1.3k
サイト信頼性を高める前に開発チームからの信頼性を高めよう
syossan27
9
2.2k
Information Schemaから自動生成する型付きORM spannent
khmer495
0
140

Featured

See All Featured
Infographics Made Easy
chrislema
236
17k
GraphQLの誤解/rethinking-graphql
sonatard
41
8.2k
How To Stay Up To Date on Web Technology
chriscoyier
779
250k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
130
8.9k
KATA
mclloyd
13
10k
Building Better People: How to give real-time feedback that sticks.
wjessup
346
18k
Adopting Sorbet at Scale
ufuk
66
8k
Optimizing for Happiness
mojombo
366
66k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.5k
A designer walks into a library…
pauljervisheath
199
17k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
130k
How STYLIGHT went responsive
nonsquared
89
4.3k

Transcript

  1. Random
    Under the hood of PHP 7’s
    Let’s get
    CSPRNG
    Sammy Kaye Powers
    2017-09-08

    View Slide

  2. joind.in/talk/da53c
    @SammyK #PNWPHP
    Slides
    Get the
    joind.in/talk/da53c

    View Slide

  3. joind.in/talk/da53c
    @SammyK #PNWPHP
    ext/standard/random.c

    View Slide

  4. joind.in/talk/da53c
    @SammyK #PNWPHP
    The end

    View Slide

  5. joind.in/talk/da53c
    @SammyK #PNWPHP
    Random?
    What is

    View Slide

  6. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  7. joind.in/talk/da53c
    @SammyK #PNWPHP
    Finish this sentence
    On the way home
    I got a flat ____.
    tire

    View Slide

  8. joind.in/talk/da53c
    @SammyK #PNWPHP
    Think of a two-digit number
    both digits different from each other
    both digits odd
    between 1 and 100

    View Slide

  9. joind.in/talk/da53c
    @SammyK #PNWPHP
    Are you thinking of…
    37

    View Slide

  10. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  11. joind.in/talk/da53c
    @SammyK #PNWPHP
    11
    random?
    What makes a number

    View Slide

  12. joind.in/talk/da53c
    @SammyK #PNWPHP
    2, 4, 6, 8, __
    10

    View Slide

  13. joind.in/talk/da53c
    @SammyK #PNWPHP
    1337, 42, 0, _
    ?

    View Slide

  14. joind.in/talk/da53c
    @SammyK #PNWPHP
    1337, 42, 0,
    1337, 42, 0,
    1337, __
    42

    View Slide

  15. joind.in/talk/da53c
    @SammyK #PNWPHP
    Random?
    What is isn’t
    Deterministic

    View Slide

  16. joind.in/talk/da53c
    @SammyK #PNWPHP
    “True” Random
    Measurement of atmospheric noise
    Count of the number of electrons
    coming off of a radioactive material

    View Slide

  17. View Slide

  18. joind.in/talk/da53c
    @SammyK #PNWPHP
    Can I haz
    random number?

    View Slide

  19. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  20. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  21. joind.in/talk/da53c
    @SammyK #PNWPHP
    *sigh* Take this.
    42

    View Slide

  22. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  23. joind.in/talk/da53c
    @SammyK #PNWPHP
    0

    View Slide

  24. joind.in/talk/da53c
    @SammyK #PNWPHP
    2,4,8,
    7,5,1
    ?

    View Slide

  25. joind.in/talk/da53c
    @SammyK #PNWPHP
    Number Generator
    …or “PRNG” for short
    Pseudorandom

    View Slide

  26. joind.in/talk/da53c
    @SammyK #PNWPHP
    Pseudorandom?
    How’s that different than just random?
    Deterministic

    View Slide

  27. joind.in/talk/da53c
    @SammyK #PNWPHP
    2,4,8,
    7,5,1
    Generator
    Linear Congruential

    View Slide

  28. joind.in/talk/da53c
    @SammyK #PNWPHP
    Generator
    Linear Congruential

    View Slide

  29. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  30. joind.in/talk/da53c
    @SammyK #PNWPHP
    The modulus
    The multiplier
    The increment
    The seed

    View Slide

  31. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  32. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  33. joind.in/talk/da53c
    @SammyK #PNWPHP
    2,4,8,
    7,5,

    View Slide

  34. joind.in/talk/da53c
    @SammyK #PNWPHP
    2,4,8,
    7,5,
    Deterministic

    View Slide

  35. joind.in/talk/da53c
    @SammyK #PNWPHP
    https://xkcd.com/221/

    View Slide

  36. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  37. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  38. joind.in/talk/da53c
    @SammyK #PNWPHP
    8,7,5,
    1,2,

    View Slide

  39. joind.in/talk/da53c
    @SammyK #PNWPHP
    1,2,4,
    8,7,
    BUT!

    View Slide

  40. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  41. 5,1,2,4,8,7,5,
    1,2,4,8,7,5,1,
    2,4,8,7,5,1,2,
    4,8,7,5,1,2,4,
    8,7,5,1,2,4,8,
    7,5,1,2,4,
    Predictable

    View Slide

  42. joind.in/talk/da53c
    @SammyK #PNWPHP
    LCG
    lcg_value()
    PHP has a combined

    View Slide

  43. joind.in/talk/da53c
    @SammyK #PNWPHP
    PRNG?
    Is there a better

    View Slide

  44. joind.in/talk/da53c
    @SammyK #PNWPHP
    Twister
    Mersenne
    mt_rand()

    View Slide

  45. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  46. mt_rand()
    724937621,955931554,1407935661,821438740,109344
    9922,603009103,1540988686,1028238631,798475733,
    1057939018,671583233,1853117923,98760648,112245
    3373,534404057,900958085,1712824654,476385742,2
    9956470,362833620,424798798,746223917,942003531
    ,320462445,673296853,1351199651,141566289,16454
    09515,995047403,1216151582,1115999460,175322091
    7,1312071810,1553254094,1622498991,2080099801,1
    704834715,1537620663,1357630828,1317892558,
    219,937-1

    View Slide

  47. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  48. mt_rand(0,99)
    83,9,64,28,62,48,83,47,46,53,37,26,21,91,61,32,58,1,89,60,65,97,42,56,6,47,76,1
    2,98,11,36,61,62,60,43,67,6,16,73,15,39,38,56,19,66,56,98,72,91,24,57,94,8,26,7
    3,55,17,14,84,89,39,11,13,48,71,98,89,63,9,95,74,9,81,85,97,24,14,14,77,22,96,4
    3,61,91,61,58,19,71,8,49,18,92,38,34,9,36,91,59,14,4,58,59,29,74,52,41,36,67,82
    ,67,11,0,58,51,37,4,45,56,35,50,78,91,27,39,80,27,28,95,2,82,51,72,27,41,43,74,
    7,82,59,89,72,9,22,61,75,27,64,16,77,57,31,29,59,47,14,67,89,33,94,33,94,22,11,
    62,9,13,61,45,78,29,3,11,99,91,52,79,63,64,43,99,53,22,16,10,53,57,15,84,16,30,
    17,10,3,35,0,45,83,11,70,66,37,14,59,41,46,52,53,53,62,56,41,82,40,99,8,92,96,2
    2,22,43,35,60,45,77,26,96,45,51,62,77,64,23,52,17,17,97,93,57,43,56,45,62,42,24
    ,62,1,59,38,70,13,34,32,48,47,1,42,48,18,2,59,47,53,10,3,66,68,93,4,53,85,20,77
    ,63,43,45,16,15,77,73,89,11,64,76,30,46,91,1,85,96,19,63,70,62,35,58,95,63,38,7
    8,83,8,97,22,2,28,51,25,29,98,62,74,59,95,79,74,66,47,35,83,56,49,25,32,25,46,1
    3,69,77,30,94,24,31,68,23,64,47,28,33,65,69,16,0,98,37,85,93,60,24,10,54,50,42,
    64,11,9,13,15,84,3,23,73,83,83,72,9,2,28,23,90,73,2,47,45,93,4,32,25,75,61,98,7
    3,79,66,23,20,83,11,45,67,40,39,45,0,65,40,78,74,8,79,86,38,10,87,60,99,30,35,5
    0,16,29,24,19,29,16,40,57,87,26,90,1,63,63,34,44,8,36,25,38,50,10,15,17,14,40,6
    ,53,88,18,36,46,69,2,13,0,83,59,92,59,34,34,24,40,99,41,6,79,65,98,9,36,31,8,4,
    89,98,91,80,42,10,26,72,40,50,39,25,33,45,24,70,54,89,91,53,23,12,20,40,21,25,5
    5,48,11,3,84,42,5,7,21,58,85,18,52,92,94,69,20,49,3,8,55,57,4,38,52,37,64,55,82
    ,98,5,75,84,35,14,99,74,23,41,69,55,53,22,52,6,68,35,38,73,52,22,52,86,79,15,38
    ,3,20,99,36,23,77,33,80,16,97,54,88,11,77,77,99,70,26,5,75,87,4,23,8,50,79,61,5
    5,80,25,58,79,25,56,9,81,6,42,27,90,58,6,62,74,25,79,81,61,23,54,92,53,16,66,22
    ,49,77,97,84,25,49,32,49,65,51,1,93,63,68,69,67,10,44,99,44,42,89,35,24,
    624 = busted

    View Slide

  49. echo mt_rand(0,99);
    11

    View Slide

  50. echo mt_rand(0,99);
    9

    View Slide

  51. echo mt_rand(0,99);
    60

    View Slide

  52. mt_srand(10);
    echo mt_rand(0,99);
    21

    View Slide

  53. mt_srand(10);
    echo mt_rand(0,99);
    21

    View Slide

  54. mt_srand(10);
    echo mt_rand(0,99);
    21

    View Slide

  55. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSRF
    Take for example
    Tokens

    View Slide

  56. joind.in/talk/da53c
    @SammyK #PNWPHP
    Cross-site request forgery
    (CSRF) tokens help prevent
    unauthorized requests on
    a user’s behalf.

    View Slide

  57. joind.in/talk/da53c
    @SammyK #PNWPHP
    A CSRF token must be
    unique and unpredictable.

    View Slide

  58. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  59. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  60. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  61. joind.in/talk/da53c
    @SammyK #PNWPHP
    I’ll just let PHP seed
    mt_rand() for me.
    Bad idea jeans
    *Old SNL skit reference

    View Slide

  62. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  63. joind.in/talk/da53c
    @SammyK #PNWPHP
    What about
    rand()
    you ask?

    View Slide

  64. joind.in/talk/da53c
    @SammyK #PNWPHP
    Nope

    View Slide

  65. joind.in/talk/da53c
    @SammyK #PNWPHP
    rand()
    mt_rand()
    …in PHP 7.0 & below

    View Slide

  66. joind.in/talk/da53c
    @SammyK #PNWPHP
    rand()
    Uses the system PRNG
    (unreliable & inconsistent)
    Is a PRNG (totes predictable)
    Uniform distribution issues

    View Slide

  67. joind.in/talk/da53c
    @SammyK #PNWPHP
    Uniform
    Distribution

    View Slide

  68. joind.in/talk/da53c
    @SammyK #PNWPHP
    0
    0.05
    0.1
    0.15
    0.2
    1 2 3 4 5 6

    View Slide

  69. joind.in/talk/da53c
    @SammyK #PNWPHP
    0
    0.1
    0.2
    0.3
    0.4
    1 2 3 4 5 6

    View Slide

  70. joind.in/talk/da53c
    @SammyK #PNWPHP
    Uniform Distribution
    ==
    True Random

    View Slide

  71. joind.in/talk/da53c
    @SammyK #PNWPHP
    mt_rand()
    Implements the MT algorithm
    incorrectly
    Is a PRNG (totes predictable)
    Has a modulo bias

    View Slide

  72. joind.in/talk/da53c
    @SammyK #PNWPHP
    Modulo
    Bias

    View Slide

  73. joind.in/talk/da53c
    @SammyK #PNWPHP
    6 % 3 = 0
    8 % 3 = 2
    Modulo Operator

    View Slide

  74. joind.in/talk/da53c
    @SammyK #PNWPHP
    Random # between 0 & 1
    n % 2 = 0 or 1
    Use mod 2

    View Slide

  75. joind.in/talk/da53c
    @SammyK #PNWPHP
    rand_src() = 1, 2, or 3
    2 % 2 = 0
    3 % 2 = 1
    1 is
    more likely
    1 % 2 = 1

    View Slide

  76. joind.in/talk/da53c
    @SammyK #PNWPHP
    rand()
    mt_rand()
    …in PHP 7.1 & above

    View Slide

  77. joind.in/talk/da53c
    @SammyK #PNWPHP
    mt_rand()
    Fixes bug in MT algorithm
    implementation
    Is a PRNG (totes predictable)

    View Slide

  78. joind.in/talk/da53c
    @SammyK #PNWPHP
    They’re totes
    samezies!
    rand() mt_rand()
    ===

    View Slide

  79. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  80. joind.in/talk/da53c
    @SammyK #PNWPHP
    rand() mt_rand()
    Both suffer from
    modulo bias
    &

    View Slide

  81. joind.in/talk/da53c
    @SammyK #PNWPHP
    Seeds aren’t
    impossible to predict

    View Slide

  82. joind.in/talk/da53c
    @SammyK #PNWPHP
    Entropy
    *Could be it’s own talk

    View Slide

  83. joind.in/talk/da53c
    @SammyK #PNWPHP
    A measure of how
    accurately we’re able
    to predict the next
    value in a sequence.*
    * oversimplification

    View Slide

  84. joind.in/talk/da53c
    @SammyK #PNWPHP
    High
    entropy
    harder
    to predict
    Low
    entropy
    easier
    to predict

    View Slide

  85. joind.in/talk/da53c
    @SammyK #PNWPHP
    Cryptographically
    Pseudorandom
    Secure
    Number Generator

    View Slide

  86. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSPRNG
    or…

    View Slide

  87. joind.in/talk/da53c
    @SammyK #PNWPHP
    “See Spring”
    or…

    View Slide

  88. Unicorn
    Magical

    View Slide

  89. Uses seeds
    that are really
    really
    really
    really
    ridiculously
    hard to guess

    View Slide

  90. joind.in/talk/da53c
    @SammyK #PNWPHP
    High
    Entropy
    wee!

    View Slide

  91. joind.in/talk/da53c
    @SammyK #PNWPHP
    impossible
    It’s values are
    to predict in practice
    42
    82

    Suitable for use in
    cryptographic contexts.

    View Slide

  92. mythical
    Where can we find this
    creature?

    View Slide

  93. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSPRNG
    options in
    5.x

    View Slide

  94. joind.in/talk/da53c
    @SammyK #PNWPHP
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/urandom

    View Slide

  95. joind.in/talk/da53c
    @SammyK #PNWPHP
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/urandom

    View Slide

  96. joind.in/talk/da53c
    @SammyK #PNWPHP
    Since the UNIX fork() system call
    duplicates the entire process state, a
    random number generator which does not
    take this issue into account will produce
    the same sequence of random numbers in
    both the parent and the child […], leading to
    cryptographic disaster…
    https://wiki.openssl.org/index.php/Random_fork-safety

    View Slide

  97. joind.in/talk/da53c
    @SammyK #PNWPHP
    OpenSSL’s
    be like
    42


    CSPRNG


    View Slide

  98. joind.in/talk/da53c
    @SammyK #PNWPHP
    OpenSSL cannot fix the fork-safety
    problem because its not in a position
    to do so. However, there are [solutions]
    available and they are listed below.
    https://wiki.openssl.org/index.php/Random_fork-safety

    View Slide

  99. joind.in/talk/da53c
    @SammyK #PNWPHP
    Don't use
    RAND_bytes
    https://wiki.openssl.org/index.php/Random_fork-safety

    View Slide

  100. joind.in/talk/da53c
    @SammyK #PNWPHP
    Instead, you can read directly from
    /dev/random, /dev/urandom or
    /dev/srandom; or use CryptGenRandom
    on Windows systems.
    https://wiki.openssl.org/index.php/Random_fork-safety

    View Slide

  101. joind.in/talk/da53c
    @SammyK #PNWPHP
    mcrypt_create_iv()
    /dev/urandom
    openssl_random_pseudo_bytes()

    View Slide

  102. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  103. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  104. joind.in/talk/da53c
    @SammyK #PNWPHP

    View Slide

  105. joind.in/talk/da53c
    @SammyK #PNWPHP
    /dev/urandom
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()

    View Slide

  106. joind.in/talk/da53c
    @SammyK #PNWPHP
    open_basedir=/foo/dir

    View Slide

  107. joind.in/talk/da53c
    @SammyK #PNWPHP
    openssl_random_pseudo_bytes()
    mcrypt_create_iv()
    /dev/urandom

    View Slide

  108. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSPRNG
    New goodness
    7

    View Slide

  109. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSPRNG
    random_int()
    random_bytes()

    View Slide

  110. random_int(0,99)
    6,17,6,9,17,53,58,98,46,44,62,9,76,65,46,21,42,5,65,34,11,96,85,7,46,89,98,9,9,
    80,8,76,87,18,24,68,16,61,27,39,30,32,4,83,83,23,96,27,13,47,6,99,16,40,2,75,27
    ,3,79,68,75,60,50,70,63,17,75,29,79,57,9,48,18,86,95,25,40,52,20,86,6,48,94,27,
    76,14,9,27,62,14,68,58,12,18,63,19,84,47,7,13,63,28,66,55,2,75,44,92,11,85,51,1
    7,42,57,22,4,53,7,3,76,48,55,95,7,45,33,87,36,11,17,66,6,46,87,57,48,22,31,65,5
    ,26,10,47,82,97,74,25,32,63,60,29,53,13,24,56,54,52,86,67,4,94,35,48,73,35,45,2
    4,74,74,83,49,70,41,49,20,60,29,49,30,35,38,63,4,86,72,97,26,22,36,95,59,94,24,
    89,73,46,14,73,51,93,93,39,13,80,9,30,24,20,30,63,20,64,97,29,7,2,82,96,42,61,5
    3,28,49,12,90,71,58,72,63,49,32,69,76,50,62,88,31,26,72,79,19,15,3,39,27,80,16,
    65,62,53,82,59,23,85,95,41,68,86,3,92,76,91,88,12,20,96,14,35,50,94,24,23,44,55
    ,78,65,81,7,1,86,32,58,46,97,43,78,9,51,1,6,79,73,49,13,40,21,90,14,9,70,95,88,
    37,85,14,7,29,42,55,81,46,39,41,45,81,11,93,26,89,4,98,35,30,36,74,97,18,85,97,
    23,52,64,88,20,89,12,25,19,21,21,50,60,50,43,84,1,52,5,19,2,86,38,51,48,30,55,9
    0,93,97,52,84,29,58,96,78,37,24,14,72,81,9,82,26,83,83,17,35,15,9,87,95,51,71,4
    8,9,45,13,61,98,3,18,96,99,28,74,47,58,71,89,68,57,51,86,90,38,21,72,72,30,22,1
    3,88,25,48,45,62,59,81,32,10,54,82,60,90,17,98,41,73,98,60,22,99,66,32,41,82,62
    ,91,3,85,91,21,17,98,19,48,50,24,67,3,14,62,55,35,99,95,83,76,12,51,77,61,24,24
    ,60,15,31,47,24,27,97,98,70,6,24,25,20,23,67,72,55,47,19,53,50,38,22,76,37,63,8
    2,67,52,3,75,84,84,71,49,79,26,89,11,77,55,92,32,81,38,23,54,9,40,80,75,20,7,58
    ,37,72,75,59,46,32,41,82,90,72,59,5,42,2,94,44,44,4,15,37,29,24,10,51,18,8,42,5
    6,9,68,31,99,7,77,59,8,74,80,11,15,93,81,5,72,44,49,39,25,4,18,98,0,93,42,78,36
    ,57,47,16,49,2,85,6,31,17,81,10,54,40,95,68,31,80,29,41,86,32,9,58,96,62,79,25,
    6,45,56,54,0,61,74,90,12,34,11,56,3,41,39,84,32,30,42,81,36,43,5,

    View Slide

  111. joind.in/talk/da53c
    @SammyK #PNWPHP
    bin2hex(random_bytes(16))
    f7f5289027cb6c5116d
    2d3cc78e5819c

    View Slide

  112. joind.in/talk/da53c
    @SammyK #PNWPHP
    You’re not strong until
    you’re crypto-strong!

    View Slide

  113. CSPRNG
    under the hood

    View Slide

  114. View Slide

  115. joind.in/talk/da53c
    @SammyK #PNWPHP
    On Windows: CryptGenRandom
    On BSD: arc4random_buf()
    On Linux: getrandom(2) syscall
    Read directly from /dev/urandom

    View Slide

  116. Fail
    Closed

    View Slide

  117. joind.in/talk/da53c
    @SammyK #PNWPHP
    /dev/urandom
    So what is this
    thing?

    View Slide

  118. /dev/urandom
    Gathers environmental noise
    from the system like…
    …device drivers, inter-keyboard
    timings, inter-interrupt timings
    from some interrupts, and
    other events which are both
    (a) non-deterministic and
    (b) hard for an outside
    observer to measure.
    https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/char/random.c

    View Slide

  119. joind.in/talk/da53c
    @SammyK #PNWPHP
    CSPRNG
    random_bytes()
    random_int()
    7
    /dev/urandom
    Powered by

    View Slide

  120. joind.in/talk/da53c
    @SammyK #PNWPHP
    Still on 5.x?
    paragonie/random_compat
    Polyfill for PHP 7 CSPRNG

    View Slide

  121. joind.in/talk/da53c
    @SammyK #PNWPHP
    TL;DR
    Never use LCG, MT, or any other PRNG in
    cryptographic contexts
    Only use a CSPRNG like
    /dev/urandom for crypto
    Use random_bytes() & random_int() in
    PHP (or install paragonie/random_compat)

    View Slide

  122. joind.in/talk/da53c
    @SammyK #PNWPHP
    More Resources

    View Slide

  123. joind.in/talk/da53c
    @SammyK #PNWPHP
    Recommendation for the Entropy Sources
    Used for Random Bit Generation
    Second Draft - NIST SP 800-90B
    http://csrc.nist.gov/publications/drafts/800-90/sp800-90b_second_draft.pdf

    View Slide

  124. joind.in/talk/da53c
    @SammyK #PNWPHP
    New & improved man pages for
    /dev/urandom
    http://man7.org/linux/man-pages/man7/random.7.html

    View Slide

  125. joind.in/talk/da53c
    @SammyK #PNWPHP
    Myths about
    /dev/urandom
    Thomas Hühn
    https://www.2uo.de/myths-about-urandom/

    View Slide

  126. joind.in/talk/da53c
    @SammyK #PNWPHP
    Cracking Random Number Generators
    Three-part blog post series
    James Roper
    https://jazzy.id.au/2010/09/20/cracking_random_number_generators_part_1.html

    View Slide

  127. joind.in/talk/da53c
    @SammyK #PNWPHP
    How I Met Your Girlfriend
    DEF CON 18
    Samy Kamkar
    https://www.youtube.com/watch?v=fWk_rMQiDGc

    View Slide

  128. joind.in/talk/da53c
    @SammyK #PNWPHP
    Weak RNG in PHP session ID generation
    leads to session hijacking
    Andreas Bogk
    http://seclists.org/fulldisclosure/2010/Mar/519

    View Slide

  129. @SammyK
    SammyK.me
    THANKS!
    SAMMY KAYE POWERS
    Host of @PHPRoundtable
    @ChiPHPUG
    West Coast Swing
    /talk/da53c
    I have
    stickers!

    View Slide