In response to some people claiming that using a CSPRNG is "going way overboard" and/or is "overkill", I've written this test to verify the performance impact of using a CSPRNG versus their insecure mt_rand()-based hacks.
I think the results are conclusive (at least on my device): a 50% speed increase, in addition to less-predictable randomness.
If anyone would like to suggest a benchmark script (or conditions that lead to different results from mine), let me know and I will link to them here.
I ran this through my simple PHP Benchmark library and got these results on PHP 5.5.20.
openssl_prng = 225800 iterations per second (Fastest)
mcrypt_prng = 107595 iterations per second
better_prng = 99619 iterations per second
shitty_prng = 51612 iterations per second (Slowest)
You can re-run the benchmark and see the comparison on my site.