Home > Backend Development > PHP Problem > How to use cryptographic pseudo-random number generator with PHP

How to use cryptographic pseudo-random number generator with PHP

醉折花枝作酒筹
Release: 2023-03-10 06:26:01
forward
1921 people have browsed it

This article will introduce to you how to use encrypted pseudo-random number generator in PHP. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to everyone.

How to use cryptographic pseudo-random number generator with PHP

Today we will introduce the encrypted pseudo-random number generator (CSPRNG extension) in PHP . The generation of random numbers is actually very simple, just use the rand() or mt_rand() function, but what we are talking about today is a set of random number generators that use a more complex algorithm. rand() is no longer recommended. mt_rand() generates faster and is now a mainstream function. The encrypted pseudo-random number generation function is cryptographically secure and slightly slower than mt_rand(). It needs to rely on some functions of the operating system, which we will talk about later.

This encryption extension has been integrated in PHP7 and does not require special installation. If it is a version below PHP7, you need to install the extension independently. If you can't find the functions described below when testing, check your current PHP version.

Pseudo-random character generation

var_dump(bin2hex(random_bytes(5)));
// string(10) "f28dc2bdd5"
var_dump(random_bytes(5));
// string(5) "�"��"
Copy after login

random_bytes() Each call will generate a binary string with different content, and the parameter is the binary byte length. The binary data obtained directly is in garbled format, so generally we need to use bin2hex() to convert the binary into a hexadecimal format string that we can understand. However, the result is that the hexadecimal character length after our conversion is twice the character length we set. The function of this function can generate a secure user password salt, key keyword or initialization vector for us.

random_bytes() Each call will generate a string with different content, and the parameter is a random character of character length. Here we pass 5 and return 10 characters. It can be seen that this parameter is The number of characters, and what is returned is actually the number of bytes, corresponding to the return form in which one character occupies two bytes. Or we can just remember that it returns twice the parameters. As for the role of this function, it can generate a secure user password salt, key keyword or initialization vector for us.

Pseudo-random integer generation

var_dump(random_int(100, 999));
var_dump(random_int(-1000, 0));
// int(900)
// int(-791)
Copy after login

For the generation of integer numbers, it is even simpler. Just provide two parameters for the random_int() function, which is the range of random integers. In fact, the usage is the same as mt_rand().

Generation source

The generation source of the above two encrypted pseudo-random functions depends on the operating system, as follows:

  • In Windows system , the CryptGenRandom() function will be used. Starting from 7.2.0, when using CNG-API

  • on Linux systems, the Linux getrandom(2) system call

  • will be used on other systems. Will use /dev/urandom

  • Otherwise an exception will be thrown

Exception situation

These two functions also have corresponding Abnormal situations will occur. For example, if the generation source cannot be found above, an exception will be thrown. Of course, in addition to this, there will be other factors that will also cause exceptions to occur.

  • If no suitable source of randomness is found, an exception will be thrown

  • If the given parameters are invalid, a TypeError will be raised

  • If the given byte length is invalid, an error will be raised

Summary

Today's content is very simple, and also found With the instant use of the random_bytes() function, you no longer need to write a function to randomly generate salt by yourself. Just like in our article about password salting, what is "salting" a password? How to safely "salt" your user passwords? The random character generation function (generateSalt) can basically be replaced by this. Don’t you feel that you have gained a lot? The pace of learning never stops. Let’s continue to explore more interesting content together! !

Test code:

https://github.com/zhangyue0503/dev-blog/blob/master/php/202007/source/PHP%E7%9A%84%E5%8A%A0%E5%AF%86%E4%BC%AA%E9%9A%8F%E6%9C%BA%E6%95%B0%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E4%BD%BF%E7%94%A8.php
Copy after login

Recommended learning: php video tutorial

The above is the detailed content of How to use cryptographic pseudo-random number generator with PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
php
source:segmentfault.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template