I want to create a random ints and strings in PHP and so I decided to use mcrypt_create_iv. It is written in manual that it uses /dev/random and /dev/urandom for randomness but I can't find a simple tutorial on how to generate random Int and String using this function. I tried some code but this function gives me unreadable characters. So please can you give me a simple example of how properly I can use it?
问题:
回答1:
If you want to generate random numbers, use mt_rand
:
$random = mt_rand(0, 999999);
If you want a string, you can pass the resulting integer through a hash function:
$random = mt_rand(0, 999999);
$random_string = sha1($random);
mcrypt_create_iv
is used in cryptography. It is totally unrelated to your requirement.
If you're looking to use the random string in security components (salts, passwords, etc.), read from /dev/urandom
like so:
$random = file_get_contents('/dev/urandom', false, null, 0, 10);
...where 10
is the length, then convert like this:
$string = bin2hex($random);
$number = current(unpack('L', $random));
回答2:
Firstly, how do you want to use the random strings, what do you want to use them for? If it is for generating salts for passwords you can use this function to generate better random strings than those generated by uniqid() or mt_rand(). See Secure Password Hashing and see code below on how to generate a random string using mcrypt_create_iv()). If you want the strings for user identification why not try out UUID instead. The use of mcrypt_create_iv on its own will simply generate unreadable characters. To "convert" those unreadable characters to something readable use the bin2hex function like this:
$random_string = bin2hex(mcrypt_create_iv(30, [MCRYPT_DEV_RANDOM|MCRYPT_DEV_URANDOM|MCRYPT_RAND]));
The "30" is the size of the initialization vector that you want to get. Remember, using MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM on Windows machines with PHP versions older than the 5.3.0 release will not work. Use MCRYPT_RAND instead for such cases.
回答3:
rand ( int $min , int $max ) use this for random numbers and for strings take a md5 or sha1 hash of the random number;