Skip to content

Instantly share code, notes, and snippets.

@mathieuk mathieuk/example_run.txt
Last active Mar 24, 2016

Embed
What would you like to do?
Two files used to try and test for weakness of openssl_random_pseudo_bytes().
$ php test.php 1>log
New process: 10500 16:44:52
New process: 11000 16:44:55
New process: 11500 10:00:02
New process: 12000 10:00:02
New process: 12500 10:00:02
New process: 13000 16:45:06
New process: 13500 10:00:02
New process: 14000 10:00:02
[... snipped for brevity ...]
New process: 5500 10:00:02
New process: 6000 10:00:02
New process: 6500 16:47:24
New process: 7000 10:00:02
New process: 7500 10:00:02
New process: 8000 10:00:02
New process: 8500 16:47:35
New process: 9000 10:00:02
New process: 9500 10:00:02
New process: 10000 10:00:02
New process: 10500 16:47:46
New process: 11000 10:00:02
New process: 11500 10:00:02 // Now it's wrapped the pid counter and ran with the same time setting, you can kill the test.php script
New process: 12000 16:47:54
$ cat log | sort | uniq -d | head
00052b6a
0019930d
001ce092
001f9a30
0034a3db
00361f03
003ade92
003e0f7f
004039d8
0044c346
$ cat log | grep 00052b6a
00052b6a
00052b6a
<?php
// Explicitly initialize the PRNG in the parent process.
openssl_random_pseudo_bytes(4);
for ($i = 0; $i < (65535 * 10); $i++)
{
$pid = pcntl_fork();
if ($pid == -1) {
die('could not fork');
} else if ($pid) {
// we are the parent
if (($pid % 500) == 0)
{
fwrite(STDERR,"New process: $pid " . date('H:i:s') . "\n");
`sudo date -s "2016-03-24 10:00:00"`; // reset the time
}
pcntl_wait($status); //Protect against Zombie children
} else {
$pid = getmypid();
for ($j = 0; $j < 10; $j++)
echo bin2hex(openssl_random_pseudo_bytes(4)), "\n";
exit(0);
}
}
<?php
// Help test.php wrap the pid counter quicker by creating a lot of processes
for($i=0;$i<655350; $i++)
{
$pid = pcntl_fork();
if ($pid == -1)
{
die('could not fork');
}
else if ($pid)
{
pcntl_wait($status);
}
else
{
exit(0);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.