tags:

views:

75

answers:

3
+1  Q: 

Big random numbers in PHP - Is this a good approach?

I need a big(like, say, 128-bit big) random number generator in PHP. I was thinking in storing this number in a string as hexadecimal.

Note that this is meant for a login system that mentioned the need for a "random" number, so I'm guessing I really need it to be "random-enough"(because I know pseudo-random is never truly random).

The algorithm I was thinking was generating the number one hex digit at a time, then concatenating it all. Like this:

$random = '';
for ($i = 0; $i < 32; ++$i) {
   $digit = rand(0, 15);
   $random .= ($digit < 10 ? $digit : ($digit - 10 + 'a'));
}
return $random;

Can I trust this function to return good pseudo-random numbers or am I messing with something I really shouldn't?

+6  A: 

http://www.php.net/manual/en/function.uniqid.php#72538

Otar  2010-09-11 13:17:10
+1  A: 

Try:

for ($str = '', $i = 0; $i < $len; $i++) {
    $str .= dechex(mt_rand(0, 15));
}
GZipp  2010-09-11 13:50:05
A: 

I've often seen this handled in login systems by just doing something like:

$salt  = "big string of random stuff"; // you can generate this once like above
$token = md5( $salt . time()); // this will be your "unique" number

MD5 hashes can have collisions, but this is pretty effective and very simple.

julio  2010-09-11 16:37:12
Why not just replace $salt by rand()? Wouldn't it be equally random? Heck, probably even more random.
luiscubal  2010-09-11 20:53:46
that's true, but using rand() will negate your ability to compare the expected hash, if you want to do that. EG. in password situations, you often will hash the users' password with a salt-- then since you presumably are the only one who knows the salt, you can then compare the hash you've recorded in the DB for that user with the "expected hash", and you can verify that it's correct.
julio  2010-09-16 16:37:12

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases