Reputation: 165
Cryptographically secure and unique string in PHP
I've been using
$string = bin2hex(openssl_random_pseudo_bytes(16)) . uniqid();
Because I need some string that is both crytopgrahically secure and unique. Question is: is this a naive approach? By using the result of uniqid() tacked onto the end of the string,am I giving away any information that might compromise the security of the string? I ask this because uniqid() is based on system time, and my concern is whether that could give any information away that allows an attacker to guess future outputs?
Thanks
Upvotes: 3
Views: 1026
Answers (2)
Reputation: 290
You should use one from the following to generate crytopgrahically secure unique string/number,
bin2hex(openssl_random_pseudo_bytes(16, TRUE));// Refer manual - (PHP 5 >= 5.3.0, PHP 7)bin2hex(random_bytes(16));// Refer manual - (PHP 7)- If you want to generate random number, you can use
random_int(100, 999)// Refer manual - (PHP 7)
Upvotes: 3
Reputation: 40946
Why are you tacking uniqid to it? why not just use the first function?
With 16 bytes, there are about 34 followed by 38 zeros possibilities. For almost any application, the risk of collision is negligible. I would stick to just
bin2hex(openssl_random_pseudo_bytes(16))
From the manual:
If you need a cryptographically secure value, consider using random_int(), random_bytes(), or openssl_random_pseudo_bytes()
Upvotes: 1
Related Questions
- How to generate unique secure random string in PHP?
- Cryptographically secure random ASCII-string in PHP
- Cryptographically Secure Random String Function
- Encrypting strings in PHP
- Generate a Unique Key
- Generating a random and unique string
- About Generating Random Unique and Secure PHP Strings
- Unique identification string in php
- What would be the best way to encrypt data for a unique use?
- PHP - How do you secure a unique variable name?