Reputation: 3831
Does MySQL have a cryptographically secure random number generator?
So far, I have been using PHP to create cryptographically secure random values, with openssl_random_pseudo_bytes. I would like to generate a cryptographically secure token within a stored function. Is RAND() what I am looking for, or is it not cryptographically secure?
Upvotes: 12
Views: 4368
Answers (2)
Reputation: 188
I was looking into the same issue. RANDOM_BYTES(len) seems to be the solution that we have been looking for
https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_random-bytes
would use something like HEX(RANDOM_BYTES(length_of_session_cookie))
Upvotes: 13
Reputation: 852
http://dev.mysql.com/doc/refman/5.7/en/mathematical-functions.html
RAND() is not meant to be a perfect random generator. It is a fast way to generate random numbers on demand that is portable between platforms for the same MySQL version.
If developer says that he didn't develop his function to be perfectly random for me it means a function is probably not perfectly random. And for cryptography you want as random as possible.
Upvotes: 3
Related Questions
- How to generate a random alpha-numeric string
- PHP random string generator
- Secure hash and salt for PHP passwords
- Generate random number between two numbers in JavaScript
- Random number generator only generating one random number
- Why does this code using random strings print "hello world"?
- How can bcrypt have built-in salts?
- SQL injection that gets around mysql_real_escape_string()
- How does a cryptographically secure random number generator work?
- How should I ethically approach user password storage for later plaintext retrieval?