random_bytes

(PHP 7)

random_bytes — Generates cryptographically secure pseudo-random bytes

Beschreibung

string random_bytes ( int $length )

Generates an arbitrary length string of cryptographic random bytes that are suitable for cryptographic use, such as when generating salts, keys or initialization vectors.

The sources of randomness used for this function are as follows:

On Windows, » CryptGenRandom() will always be used.
On Linux, the » getrandom(2) syscall will be used if available.
On other platforms, /dev/urandom will be used.
If none of the aforementioned sources are available, then an Exception will be thrown.

Hinweis: Although this function was added to PHP in PHP 7.0, a » userland implementation is available for PHP 5.2 to 5.6, inclusive.

Parameter-Liste

length: The length of the random string that should be returned in bytes.

Rückgabewerte

Returns a string containing the requested number of cryptographically secure random bytes.

Fehler/Exceptions

If an appropriate source of randomness cannot be found, an Exception will be thrown.
If invalid parameters are given, a TypeError will be thrown.
If an invalid length of bytes is given, an Error will be thrown.

Beispiele

Beispiel #1 random_bytes() example


<?php
$bytes = random_bytes(5);
var_dump(bin2hex($bytes));
?>

Das oben gezeigte Beispiel erzeugt eine ähnliche Ausgabe wie:

string(10) "385e33f741"

Siehe auch

random_int() - Generates cryptographically secure pseudo-random integers
openssl_random_pseudo_bytes() - Generate a pseudo-random string of bytes
bin2hex() - Wandelt Binär-Daten in ihre hexadezimale Entsprechung um

add a note

User Contributed Notes 2 notes

down

akam at akameng dot com ¶

2 months ago


I used below function to create random token, and also a salt from the token. I used it in my application to prevent CSRF attack.

<?php
function RandomToken($length = 32){
    if(!isset($length) || intval($length) <= 8 ){
      $length = 32;
    }
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($length));
    }
    if (function_exists('mcrypt_create_iv')) {
        return bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
    } 
    if (function_exists('openssl_random_pseudo_bytes')) {
        return bin2hex(openssl_random_pseudo_bytes($length));
    }
}

function Salt(){
    return substr(strtr(base64_encode(hex2bin(RandomToken(32))), '+', '.'), 0, 44);
}

echo (RandomToken());
echo "\n";
echo Salt();
echo "\n";

/*
This function is same as above but its only used for debugging
*/
function RandomTokenDebug($length = 32){
    if(!isset($length) || intval($length) <= 8 ){
      $length = 32;
    }
    $randoms = array();
    if (function_exists('random_bytes')) {
        $randoms['random_bytes'] = bin2hex(random_bytes($length));
    }
    if (function_exists('mcrypt_create_iv')) {
        $randoms['mcrypt_create_iv'] = bin2hex(mcrypt_create_iv($length, MCRYPT_DEV_URANDOM));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        $randoms['openssl_random_pseudo_bytes'] = bin2hex(openssl_random_pseudo_bytes($length));
    }
    
    return $randoms;
}
echo "\n";
print_r (RandomTokenDebug());

?>

down

-18

niklongstone at gmail dot com ¶

7 months ago


In order to handling better the result, could be useful to combine random_bytes with the unpack function, because gives more flexibility.

Example:
$bytes = random_bytes(10);
$value = unpack('H*', $bytes);
var_dump($value);

Output:
array(1) { [1]=> string(20) "5f655db3ae43c256937b" }

add a note