public static function Crypt::randomBytes

Returns a string of highly randomized bytes (over the full 8-bit range).

This function is better than simply calling mt_rand() or any other built-in PHP function because it can return a long string of bytes (compared to < 4 bytes normally from mt_rand()) and uses the best available pseudo-random source.

Parameters

int $count: The number of characters (bytes) to return in the string.

Return value

string A randomly generated string.

6 calls to Crypt::randomBytes()
Crypt::randomStringHashed in drupal/core/lib/Drupal/Component/Utility/Crypt.php
Generates a random, base-64 encoded, URL-safe, sha-256 hashed string.
CryptTest::testRandomBytes in drupal/core/tests/Drupal/Tests/Component/Utility/CryptTest.php
Tests \Drupal\Component\Utility\Crypt::randomBytes().
drupal_session_regenerate in drupal/core/includes/session.inc
Called when an anonymous user becomes authenticated or vice-versa.
Php::generate in drupal/core/lib/Drupal/Component/Uuid/Php.php
Implements Drupal\Component\Uuid\UuidInterface::generate().
PhpassHashedPassword::generateSalt in drupal/core/lib/Drupal/Core/Password/PhpassHashedPassword.php
Generates a random base 64-encoded salt prefixed with settings for the hash.

File

drupal/core/lib/Drupal/Component/Utility/Crypt.php, line 29
Contains \Drupal\Component\Utility\Crypt.

Class

Crypt
Utility class for cryptographically-secure string handling routines.

Namespace

Drupal\Component\Utility

Code

public static function randomBytes($count) {
  static $random_state, $bytes;

  // Initialize on the first call. The contents of $_SERVER include a mix of
  // user-specific and system information that varies a little with each page.
  if (!isset($random_state)) {
    $random_state = print_r($_SERVER, TRUE);
    if (function_exists('getmypid')) {

      // Further initialize with the somewhat random PHP process ID.
      $random_state .= getmypid();
    }
    $bytes = '';
  }
  if (strlen($bytes) < $count) {

    // /dev/urandom is available on many *nix systems and is considered the
    // best commonly available pseudo-random source.
    if ($fh = @fopen('/dev/urandom', 'rb')) {

      // PHP only performs buffered reads, so in reality it will always read
      // at least 4096 bytes. Thus, it costs nothing extra to read and store
      // that much so as to speed any additional invocations.
      $bytes .= fread($fh, max(4096, $count));
      fclose($fh);
    }
    elseif (function_exists('openssl_random_pseudo_bytes')) {
      $bytes .= openssl_random_pseudo_bytes($count - strlen($bytes));
    }

    // If /dev/urandom is not available or returns no bytes, this loop will
    // generate a good set of pseudo-random bytes on any system.
    // Note that it may be important that our $random_state is passed
    // through hash() prior to being rolled into $output, that the two hash()
    // invocations are different, and that the extra input into the first one -
    // the microtime() - is prepended rather than appended. This is to avoid
    // directly leaking $random_state via the $output stream, which could
    // allow for trivial prediction of further "random" numbers.
    while (strlen($bytes) < $count) {
      $random_state = hash('sha256', microtime() . mt_rand() . $random_state);
      $bytes .= hash('sha256', mt_rand() . $random_state, TRUE);
    }
  }
  $output = substr($bytes, 0, $count);
  $bytes = substr($bytes, $count);
  return $output;
}
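
The comment in the fallback loop says $random_state is passed through a second, different hash() call so that the state never appears directly in the output. The following added example (not Drupal code; the function names fallback_round, leaky_round and count_state_leaks and the seed string are hypothetical) runs the page's two-hash round beside a variant that emits the state itself, and counts how often an output block equals the internal state.

```php
<?php
// Added illustration, not part of Drupal. All function names are hypothetical.

/**
 * One round of the fallback loop as the page's code does it: the state is
 * advanced with one hash() call, and the output block comes from a second,
 * different hash() call over the new state.
 */
function fallback_round(string $state): array {
  $state = hash('sha256', microtime() . mt_rand() . $state);
  $block = hash('sha256', mt_rand() . $state, TRUE);
  return [$state, $block];
}

/**
 * Contrast case: advances the state the same way but emits the state itself
 * (decoded from hex to raw bytes) as the output block.
 */
function leaky_round(string $state): array {
  $state = hash('sha256', microtime() . mt_rand() . $state);
  return [$state, hex2bin($state)];
}

/**
 * Runs $rounds rounds and counts the output blocks that are byte-for-byte
 * equal to the generator's internal state after that round.
 */
function count_state_leaks(callable $round, int $rounds): int {
  $state = 'constructed seed';  // Constructed sample value.
  $leaks = 0;
  for ($i = 0; $i < $rounds; $i++) {
    [$state, $block] = $round($state);
    // hash() without the raw flag returns hex, so decode before comparing.
    if (hash_equals(hex2bin($state), $block)) {
      $leaks++;
    }
  }
  return $leaks;
}

printf("two-hash round: %d of 100 blocks equal the state\n",
  count_state_leaks('fallback_round', 100));
printf("leaky round:    %d of 100 blocks equal the state\n",
  count_state_leaks('leaky_round', 100));
```

With the leaky variant, anyone who sees one output block holds the full internal state, and the only unknowns left for the next round are microtime() and mt_rand(), neither of which is a secret-quality input.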