Wednesday, March 29, 2017

PHP 7 - CSPRNG

PHP 7 introduced the following two functions to generate cryptographically secure integers and strings in a cross-platform way.
  • random_bytes() − Generates cryptographically secure pseudo-random bytes.
  • random_int() − Generates cryptographically secure pseudo-random integers.

random_bytes()

random_bytes() generates an arbitrary-length string of cryptographic random bytes that are suitable for cryptographic use, such as when generating salts, keys or initialization vectors.

Syntax

string random_bytes ( int $length )

Parameters

  • length − The length of the random string that should be returned in bytes.

Return Values

  • Returns a string containing the requested number of cryptographically secure random bytes.

Errors/Exceptions

  • If an appropriate source of randomness cannot be found, an Exception will be thrown.
  • If invalid parameters are given, a TypeError will be thrown.
  • If an invalid length of bytes is given, an Error will be thrown.

Example

<?php
   $bytes = random_bytes(5);
   print(bin2hex($bytes));
?>
It produces browser output such as the following (the value differs on every run) −
54cc305593

random_int()

random_int() generates cryptographic random integers that are suitable for use where unbiased results are critical.

Syntax

int random_int ( int $min , int $max )

Parameters

  • min − The lowest value to be returned, which must be PHP_INT_MIN or higher.
  • max − The highest value to be returned, which must be less than or equal to PHP_INT_MAX.

Return Values

  • Returns a cryptographically secure random integer in the range min to max, inclusive.

Errors/Exceptions

  • If an appropriate source of randomness cannot be found, an Exception will be thrown.
  • If invalid parameters are given, a TypeError will be thrown.
  • If max is less than min, an Error will be thrown.

Example

<?php
   print(random_int(100, 999));
   print("\n");   // line break between the two values
   print(random_int(-1000, 0));
?>
It produces browser output such as the following (the values differ on every run) −
614
-882
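
An added example, not part of the original post: both functions used together to issue a secret token and a short unbiased code, failing closed when no randomness source is available. The helper names new_token() and new_code(), the alphabet and the SHA-256 storage scheme are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: secret token (e.g. for a password reset link) from random_bytes().
function new_token(int $bytes = 32): string
{
    // 32 bytes = 256 bits of entropy; hex-encode so it is safe in URLs and cookies.
    return bin2hex(random_bytes($bytes));
}

// Hypothetical helper: code drawn from a custom alphabet with random_int().
function new_code(int $length, string $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'): string
{
    $max = strlen($alphabet) - 1;
    if ($length < 1 || $max < 1) {
        throw new InvalidArgumentException('length must be >= 1 and alphabet needs >= 2 characters');
    }
    $code = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is uniform over [0, $max], so there is no modulo bias
        // of the kind introduced by rand() % n.
        $code .= $alphabet[random_int(0, $max)];
    }
    return $code;
}

try {
    $token  = new_token();             // handed to the user
    $stored = hash('sha256', $token);  // only the hash is kept server-side
    $code   = new_code(8);
} catch (Exception $e) {
    // Thrown when no appropriate randomness source is found: fail closed and
    // never fall back to rand()/mt_rand() for security-relevant values.
    error_log('token generation failed: ' . $e->getMessage());
    http_response_code(500);
    exit(1);
}

// Later verification: hash the presented token and compare in constant time.
$presented = $token; // constructed input standing in for a request parameter
$valid = hash_equals($stored, hash('sha256', $presented));

printf("token=%s\ncode=%s\nvalid=%s\n", $token, $code, $valid ? 'yes' : 'no');
```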
