I need a replacement for PHP's rand() function that uses a cryptographically strong random number generator.
The openssl_random_pseudo_bytes() function gets you access to the strong random number generator, but it outputs its data as a byte string. Instead, I need an integer between 0 and X.
I imagine the key is to get the output of openssl_random_pseudo_bytes() into an integer, then you can do any math on it that you need to. I can think of a few "brute force" ways of converting from a byte string to an integer, but I was hoping for something ... elegant.
Edit
Using the suggestion from angrychimp, I've created a drop-in replacement for rand() using OpenSSL. I'll include it here for posterity:
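    function crypto_rand($min, $max) {
        $range = $max - $min + 1; // rand() can return $max, so the range is inclusive
        if ($range <= 1) return $min; // not so random...
        $length = (int) (log($range, 2) / 8) + 1; // exact while $range < 2^56 on 64-bit PHP
        $space = pow(256, $length); // number of values $length bytes can encode
        $limit = $space - ($space % $range); // largest multiple of $range within $space
        do {
            $bytes = openssl_random_pseudo_bytes($length, $strong);
            if ($bytes === false || !$strong) throw new Exception('no strong random source');
            $num = hexdec(bin2hex($bytes));
        } while ($num >= $limit); // discard the tail that would bias the modulo
        return $min + ($num % $range);
    }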
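
Added example, not part of the original post: reducing random bytes to a range with a plain modulo favours the low outputs whenever the range does not evenly divide the number of values the bytes can encode. The code enumerates every value for the byte length the posted formula picks and compares a plain modulo with discarding the uneven tail first; byte_length(), tally() and the sample ranges are constructed for illustration.

```php
<?php
// Byte count chosen with the same formula as the posted function.
function byte_length(int $range): int {
    return (int) (log($range, 2) / 8) + 1;
}

// Enumerate every value that byte_length($range) random bytes can encode
// and tally the result of "% $range". With $reject = true, values at or
// above the largest multiple of $range are skipped, the way a rejection
// sampler would redraw them.
function tally(int $range, bool $reject): array {
    $space = 256 ** byte_length($range);   // number of distinct byte strings
    $limit = $reject ? $space - ($space % $range) : $space;
    $counts = array_fill(0, $range, 0);
    for ($value = 0; $value < $limit; $value++) {
        $counts[$value % $range]++;
    }
    return [
        'least'     => min($counts),       // hits for the rarest output
        'most'      => max($counts),       // hits for the most common output
        'discarded' => $space - $limit,    // values a rejection sampler redraws
    ];
}

// Constructed sample ranges, small enough to enumerate (1 or 2 bytes).
foreach ([100, 200, 1000, 50000] as $range) {
    $plain = tally($range, false);
    $fixed = tally($range, true);
    printf(
        "range %5d: plain modulo %d-%d hits per output; after discarding %d values: %d-%d\n",
        $range, $plain['least'], $plain['most'],
        $fixed['discarded'], $fixed['least'], $fixed['most']
    );
}
```

On PHP 7 and later, the built-in random_int($min, $max) returns an unbiased integer from the system CSPRNG, so no custom reduction is needed there.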