Secure Development for Mobile Apps
The next group of settings configures the cryptography levels for PHP sessions that
are typically not set and are ignored as powerful tools for increasing session security.
The first setting, ‘session.entropy_file’, sets the source to /dev/urandom. This
is a non-blocking resource, which is faster than /dev/random, which is a blocking
resource. The use of a high-quality entropy source, such as /dev/urandom, is
critical for strong cryptography. Encryption strength is directly linked to randomness
and entropy. Predictability is one of the primary methods for defeating encryption.
Setting the hash cipher and the amount of entropy to use is next. Here SHA256 is set
to use 512 bits of entropy. The last setting, ...