Last active
March 24, 2016 16:00
-
-
Save mathieuk/63cc6479734b820340b6 to your computer and use it in GitHub Desktop.
Two files used to try and test for weakness of openssl_random_pseudo_bytes().
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ php test.php 1>log | |
| New process: 10500 16:44:52 | |
| New process: 11000 16:44:55 | |
| New process: 11500 10:00:02 | |
| New process: 12000 10:00:02 | |
| New process: 12500 10:00:02 | |
| New process: 13000 16:45:06 | |
| New process: 13500 10:00:02 | |
| New process: 14000 10:00:02 | |
| [... snipped for brevity ...] | |
| New process: 5500 10:00:02 | |
| New process: 6000 10:00:02 | |
| New process: 6500 16:47:24 | |
| New process: 7000 10:00:02 | |
| New process: 7500 10:00:02 | |
| New process: 8000 10:00:02 | |
| New process: 8500 16:47:35 | |
| New process: 9000 10:00:02 | |
| New process: 9500 10:00:02 | |
| New process: 10000 10:00:02 | |
| New process: 10500 16:47:46 | |
| New process: 11000 10:00:02 | |
| New process: 11500 10:00:02 // Now it's wrapped the pid counter and ran with the same time setting, you can kill the test.php script | |
| New process: 12000 16:47:54 | |
| $ cat log | sort | uniq -d | head | |
| 00052b6a | |
| 0019930d | |
| 001ce092 | |
| 001f9a30 | |
| 0034a3db | |
| 00361f03 | |
| 003ade92 | |
| 003e0f7f | |
| 004039d8 | |
| 0044c346 | |
| $ cat log | grep 00052b6a | |
| 00052b6a | |
| 00052b6a | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Explicitly initialize the PRNG in the parent process. | |
| openssl_random_pseudo_bytes(4); | |
| for ($i = 0; $i < (65535 * 10); $i++) | |
| { | |
| $pid = pcntl_fork(); | |
| if ($pid == -1) { | |
| die('could not fork'); | |
| } else if ($pid) { | |
| // we are the parent | |
| if (($pid % 500) == 0) | |
| { | |
| fwrite(STDERR,"New process: $pid " . date('H:i:s') . "\n"); | |
| `sudo date -s "2016-03-24 10:00:00"`; // reset the time | |
| } | |
| pcntl_wait($status); //Protect against Zombie children | |
| } else { | |
| $pid = getmypid(); | |
| for ($j = 0; $j < 10; $j++) | |
| echo bin2hex(openssl_random_pseudo_bytes(4)), "\n"; | |
| exit(0); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Help test.php wrap the pid counter quicker by creating a lot of processes | |
| for($i=0;$i<655350; $i++) | |
| { | |
| $pid = pcntl_fork(); | |
| if ($pid == -1) | |
| { | |
| die('could not fork'); | |
| } | |
| else if ($pid) | |
| { | |
| pcntl_wait($status); | |
| } | |
| else | |
| { | |
| exit(0); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment