This encryption extension has been integrated in PHP7 and does not require special installation. If it is a version below PHP7, you need to install the extension independently. If you can't find the functions described below when testing, check your current PHP version.
Pseudo-random character generation
var_dump(bin2hex(random_bytes(5))); // string(10) "f28dc2bdd5" var_dump(random_bytes(5)); // string(5) "�"��"
random_bytes() Each call will generate a binary string with different content, and the parameter is the binary byte length. The binary data obtained directly is in garbled format, so generally we need to use bin2hex() to convert the binary into a hexadecimal format string that we can understand. However, the result is that the hexadecimal character length after our conversion is twice the character length we set. The function of this function can generate a secure user password salt, key keyword or initialization vector for us.
random_bytes() Each call will generate a string with different content, and the parameter is a random character of character length. Here we pass 5 and return 10 characters. It can be seen that this parameter is The number of characters, and what is returned is actually the number of bytes, corresponding to the return form in which one character occupies two bytes. Or we can just remember that it returns twice the parameters. As for the role of this function, it can generate a secure user password salt, key keyword or initialization vector for us.
Pseudo-random integer generation
var_dump(random_int(100, 999)); var_dump(random_int(-1000, 0)); // int(900) // int(-791)
For the generation of integer numbers, it is even simpler. Just provide two parameters for the random_int() function, which is the range of random integers. In fact, the usage is the same as mt_rand().
Generation source
The generation source of the above two encrypted pseudo-random functions depends on the operating system, as follows:
In Windows system , the CryptGenRandom() function will be used. Starting from 7.2.0, when using CNG-API
on Linux systems, the Linux getrandom(2) system call
will be used on other systems. Will use /dev/urandom
Otherwise an exception will be thrown
Exception situation
These two functions also have corresponding Abnormal situations will occur. For example, if the generation source cannot be found above, an exception will be thrown. Of course, in addition to this, there will be other factors that will also cause exceptions to occur.
If no suitable source of randomness is found, an exception will be thrown
If the given parameters are invalid, a TypeError will be raised
If the given byte length is invalid, an error will be raised
Summary
Today's content is very simple, and also found With the instant use of the random_bytes() function, you no longer need to write a function to randomly generate salt by yourself. Just like in our article about password salting, what is "salting" a password? How to safely "salt" your user passwords? The random character generation function (generateSalt) can basically be replaced by this. Don’t you feel that you have gained a lot? The pace of learning never stops. Let’s continue to explore more interesting content together! !
Test code:
https://github.com/zhangyue0503/dev-blog/blob/master/php/202007/source/PHP%E7%9A%84%E5%8A%A0%E5%AF%86%E4%BC%AA%E9%9A%8F%E6%9C%BA%E6%95%B0%E7%94%9F%E6%88%90%E5%99%A8%E7%9A%84%E4%BD%BF%E7%94%A8.php
Recommended learning: php video tutorial
