Update (July 7, 2015)Īt the request of Sammy Kaye Powers, one of the authors of the random_bytes() and random_int() functions in PHP 7, we have rolled the above polyfill functions into a MIT licensed library called random_compat. The entropy of the output depends entirely on the $length and $alphabet values passed to the function rather than an inescapable 32 bit upper limit. Since random_str() uses random_int(), which uses random_bytes(), which is in turn cryptographically secure, we can guarantee that the strings it produce have a uniform distribution of possible values which do not follow a predictable pattern. Random_str(20, '0123456789ABCDEFGHIJKLMNOPQRSTUVWZYZabcdefghijklmnopqrstuvwxyz') random_str(20, 'abcdefghijklmnopqrstuvwxyz') If you need a random alphanumeric string, you simply need to tell random_str() how many characters you need, and pass a string with all the possible values you're interested in. Throw new InvalidArgumentException('Invalid alphabet') Throw new InvalidArgumentException('Length must be a positive integer') * Note: See for an alternative implementationįunction random_string($length = 26, $alphabet = 'abcdefghijklmnopqrstuvwxyz234567') If you have a reliable source of unpredictable integers, generating a random string is completely straightforward. Using Random Numbers to Generate Random Strings However, if $range is not an even power of 2, this will result in some values (closer to 0) appearing more often than others. YOU SHOULD NOT BE USING THIS FUNCTION. Throw new Exception('Random number generator failure') * Let's turn $randomByteString into an integer $randomByteString = random_bytes($bytes) * Let's grab the necessary number of random bytes 'random_int: RNG is broken - too many rejections' * $bits is effectively ceil(log($range, 2)) without dealing with * We use ~0 as a mask in this case because it generates all 1s * a float and we will lose some precision. * overflow, however, if $max - $min > PHP_INT_MAX. * At this point, $range is a positive number greater than 0. $attempts = $bits = $bytes = $mask = $valueShift = 0 * so we can minimize the number of discards * $mask => an integer bitmask (for use with the &) operator * $bytes => the number of random bytes we need 'Minimum value must be less than or equal to the maximum value' * Windows with PHP GetRandom($bytes, 0)) Decrease the number of bytes returned from remaining $streamset = stream_set_read_buffer($fp, 0) $buf = mcrypt_create_iv($bytes, MCRYPT_DEV_URANDOM) If you're using libsodium (which we highly recommend), you can use Sodium::randombytes_uniform() like so: function random_str($length, $keyspace = 'abcdefghijklmnopqrstuvwxyz234567') $password = $generator->generateString(26, 'abcdefghijklmnopqrstuvwxyz234567') Alternatively, Anthony Ferrara's RandomLib is a good choice. Quick Answer: If you're developing a web application and your project needs a simple and safe solution for generating random integers or strings, just use random_bytes() (PHP 7 only, or available through our random_compat library).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |