Php 简明教程
PHP – CSPRNG
CSPRNG 的缩写代表密码安全伪随机数生成器。PHP 函数库包含了许多用于生成随机数的函数。例如:
The acronym CSPRNG stands for Cryptographically Secure Pseudorandom Number Generator. PHP function library includes many functions that generate random numbers. For example −
-
mt_rand() − Generate a random value via the Mersenne Twister Random Number Generator
-
mt_srand() − Seeds the Mersenne Twister Random Number Generator
-
rand() − Generate a random integer.
Example
以下代码演示了如何使用函数 mt_rand() 来生成随机数:
The following code shows how you can use the function mt_rand() to generate random numbers −
<?php
# Generates random integer between the range
echo "Random integer: " . rand(1,100) . PHP_EOL;
# Generate a random value via the Mersenne Twister Random Number Generator
echo "Random number: " . mt_rand(1,100);
?>它将生成以下 output −
It will produce the following output −
Random integer: 45
Random number: 86请注意,每次执行代码时输出可能不同。但是由这些函数生成的随机数并非密码安全,因为可能会猜出其结果。PHP 7 引入了几个生成安全随机数的函数。
Note that the output may vary every time the code is executed. However, random numbers generated by these functions are not cryptographically safe, as it is possible to guess their outcome. PHP 7, introduced a couple of functions that generate secure random numbers.
以下函数具有加密安全性,是新添加的 -
The following functions which are cryptographically secure, are newly added −
-
random_bytes() − Generates cryptographically secure pseudo-random bytes.
-
random_int() − Generates cryptographically secure pseudo-random integers.
The random_bytes() Function
random_bytes() 生成任意长度的加密随机比特串,该串适合用于加密用途,例如生成哈希盐、密钥或初始化向量时。
random_bytes() generates an arbitrary-length string of cryptographic random bytes that are suitable for cryptographic use, such as when generating salts, keys or initialization vectors.
string random_bytes ( int $length )Parameters
-
length − The length of the random string that should be returned in bytes.
该函数返回一个包含请求数量的加密安全随机比特串的字符串。
The function returns a string containing the requested number of cryptographically secure random bytes.
如果找不到适当的随机性来源,将抛出一个 Exception。如果给定无效的参数,将抛出一个 TypeError。如果给定了无效的字节长度,将抛出一个 Error。
If an appropriate source of randomness cannot be found, an Exception will be thrown. If invalid parameters are given, a TypeError will be thrown. If an invalid length of bytes is given, an Error will be thrown.
The random_int() Function
random_int() 生成加密随机整数,适用于在公正结果极其重要的场景下使用。
random_int() generates cryptographic random integers that are suitable for use where unbiased results are critical.
int random_int ( int $min , int $max )Parameters
-
min − The lowest value to be returned, which must be PHP_INT_MIN or higher.
-
max − The highest value to be returned, which must be less than or equal to PHP_INT_MAX.
该函数返回一个在 min 到 max 范围内的加密安全随机整数(包含边界值)。
The function returns a cryptographically secure random integer in the range min to max, inclusive.
如果找不到适当的随机性来源,将抛出一个 Exception。如果给定无效的参数,将抛出一个 TypeError。如果 max 小于 min,将抛出一个 Error。
If an appropriate source of randomness cannot be found, an Exception will be thrown. If invalid parameters are given, a TypeError will be thrown. If max is less than min, an Error will be thrown.