Timeline for PHP random string generator
Current License: CC BY-SA 4.0
30 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Dec 2, 2023 at 15:26 | comment | added | AbdulelahAGR | Years later and your answer is still very useful. Thank you so much. It is exactly what I want, a simple and generalized solution. | |
| Oct 27, 2022 at 12:35 | comment | added | user19827315 | I was looking for an answer like yours. Thank you @scott-arciszewski! | |
| Feb 26, 2021 at 23:36 | comment | added | Chuck Le Butt | To answer my own question, even when generating 100,000 strings of various lengths, there is no performance impact that I could detect. You may as well change to a string if that feels more readable. | |
| Feb 26, 2021 at 23:15 | comment | added | Chuck Le Butt | I wanted to echo @KevinGlier's question. Love this answer, but what's the purpose of constructing an array and then imploding it back into a string (which is basically already an array of characters anyway)? I assume there's good reason, I just don't understand it. | |
| Apr 28, 2020 at 9:48 | comment | added | Kevin Glier | I really like your answer, but I question myself. Why do you use implode() at the end and not just append the new characters with a .= instead of adding them to an array? Is there a huge performance impact? | |
| Sep 15, 2019 at 18:52 | comment | added | user2607743 | I am sure the OP knows this already, but it's worth mentioning: remove vowels to avoid generating some pretty fancy curse words, if you'll be sending this password in an email to your new customers / new registered users. | |
| Jul 30, 2019 at 15:06 | history | edited | Scott Arciszewski | CC BY-SA 4.0 | Implement suggestion from Jamie Robinson (https://stackoverflow.com/users/3568340/jamie-robinson) |
| Jul 30, 2019 at 11:09 | comment | added | Jamie Robinson | I would suggest a few minor improvements, to harden this function further and prevent its misuse. As the author rightly says, why not make it as good as possible for the copy and pasters! Add type declarations for the arguments (for PHP 7+ use of course), "int" and "string" respectively and return casting, "string". A strong default length, 64? Then add an error for the length being less than 1, which would result in a blank string. | |
| Jun 28, 2019 at 2:35 | comment | added | Scott Arciszewski | Don't use it on multibyte strings. Write your own if you want that. | |
| Jun 26, 2019 at 16:38 | comment | added | vee | Because this function accepts a 2nd parameter ($keyspace) and you are using a string index ($string[12], for example), which does not support multi-byte or Unicode characters (see php.net/manual/en/…), it would be good if it were able to check for ASCII characters first using if (strtolower(mb_detect_encoding($keyspace)) === 'ascii'); otherwise it can randomize something like 'กขคงจฉช' to '���'. | |
| Apr 1, 2018 at 20:29 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | edited body |
| Apr 1, 2018 at 20:21 | comment | added | Scott Arciszewski | Using random_int() instead of rand() or mt_rand() adds no complexity for the developer. At the same time, it gives them greater security. People who come to StackOverflow looking for quick solutions might not know if the thing they're building needs to be secure or not. If we give them secure-by-default answers, they create a more secure Internet even if, from their perspective, it's totally accidental. Why you would oppose this goal is a mystery to me. | |
| Mar 31, 2018 at 19:57 | comment | added | JG Estiot | @ Scott Arciszewski You do not need to create cryptographically random strings every time you create random strings. The question was about creating randomized strings and this has nothing to do with security. You assumed that the string is going to be used in a security-sensitive context and you add a layer of complexity that deters from the core of the question. | |
| Mar 30, 2018 at 14:05 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | added 23 characters in body |
| Mar 30, 2018 at 13:47 | comment | added | Scott Arciszewski | @JGEstiot Creating securely random strings requires cryptographically secure randomness. Someone searching "how to generate random strings in PHP" is better served by a secure answer than an insecure answer. | |
| Mar 29, 2018 at 8:05 | comment | added | JG Estiot | The question was not about cryptography | |
| Oct 30, 2017 at 17:37 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | Use RandomLib v2 since ircmaxell abandoned his PHP libraries. |
| Oct 29, 2017 at 21:24 | comment | added | Magiranu | @KrzysztofTrzos Would you mind posting an updated version which is fixed with what you mentioned in your comment? | |
| Aug 8, 2017 at 12:08 | comment | added | Jazi | Notice: "RandomLib" is no longer supported, from what I see. Its last commit was about 11 months ago (from now) and it has problems with PHP 7.1: github.com/ircmaxell/RandomLib/issues/55 Someone in this issue suggested using openssl_random_pseudo_bytes(). | |
| Apr 17, 2017 at 13:49 | comment | added | Scott Arciszewski | What do you mean by "for more security"? We're already using a secure random number generator. | |
| Apr 16, 2017 at 19:17 | comment | added | Jevgenij Dmitrijev | At the beginning of the function add $keyspace = str_shuffle($keyspace ); for more security | |
| Dec 2, 2016 at 18:57 | review | Suggested edits | |||
| Dec 2, 2016 at 19:17 | |||||
| Aug 25, 2016 at 22:00 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | Add usage and link to demo script on 3v4l |
| Dec 3, 2015 at 21:16 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | added 8 characters in body |
| Jul 8, 2015 at 9:20 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | Our library is much more likely to be secure than a snippet in a SO post. |
| Jul 6, 2015 at 13:31 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | Add ord() to extract integer |
| Jul 2, 2015 at 20:34 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | Don't use floating point operators. |
| Jun 29, 2015 at 4:04 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | added 37 characters in body |
| Jun 29, 2015 at 3:51 | history | edited | Scott Arciszewski | CC BY-SA 3.0 | added 192 characters in body |
| Jun 29, 2015 at 3:41 | history | answered | Scott Arciszewski | CC BY-SA 3.0 |