Hey,
interesting blog post :)

One recommendation though:
Instead of mt_rand(), use stronger methods to generate "random data".

-read from /dev/urandom;
-openssl_random_pseudo_bytes(40, $cstrong); // and check $cstrong (PHP 5.3.4+)
-mcrypt_create_iv(40, MCRYPT_DEV_URANDOM); (PHP 5.3+)