Cracking PHP rand()

Webapps occasionally need to create tokens that are hard to guess, for example session tokens, CSRF tokens, or the token that forgot-password functionality mails to you to reset your password. These tokens should be cryptographically secure, but are often made by calling rand() multiple times and transforming the output to a string. This post will explore how hard it is to predict a token made with rand().


Generate pseudo-random passwords with OpenSSL

Generate a random password using OpenSSL. OpenSSL comes in handy when you need to generate pseudorandom strings, for example to be used for passwords. In this short post I’ll give you a quick example of how to generate random passwords with OpenSSL in Linux (Bash), Windows and PHP, perfect for use with system accounts and service accounts.


How to set a good PHP realpath_cache_size

Learn how to set a good PHP realpath_cache_size and optimize your PHP performance. Increasing realpath_cache_size might greatly improve PHP performance, as PHP states: “this value should be increased on systems where PHP opens many files.” Setting a correct value for PHP realpath_cache_size can greatly improve PHP performance and optimize WordPress and other CMS websites.
