Home > Backend Development > PHP Tutorial > CSPRNG function in PHP

CSPRNG function in PHP

墨辰丷
Release: 2023-03-29 19:34:02
Original
1876 people have browsed it

This article mainly introduces the CSPRNG function in PHP. Interested friends can refer to it. I hope it will be helpful to everyone.

1. What is CSPRNG

Quoting Wikipedia, a cryptographically secure pseudo-random number generator (Cryptographically Secure Pseudorandom Number Generator, abbreviated CSPRNG) is a pseudo-random number generator. Random number generator (PRNG), which generates pseudo-random numbers suitable for cryptographic algorithms.

CSPRNG may be mainly used for:

  • Key generation (for example, generating complex keys)

  • Generate random passwords for new users

  • Encryption system

Get A key aspect of high-level security is high-quality randomness

2. CSPRNG in PHP7

PHP 7 introduces two new functions that can be used to implement CSPRNG: random_bytes and random_int.

random_bytes function returns a string and accepts an int input parameter representing the number of bytes of the returned result.

Example:


$bytes = random_bytes('10');
var_dump(bin2hex($bytes));
//possible ouput: string(20) "7dfab0af960d359388e6"
Copy after login


random_int function returns an int number within the specified range.

Example:


var_dump(random_int(1, 100));
//possible output: 27
Copy after login


##3. Background running environment

The randomness of the above functions varies depending on the environment:

  • On windows, CryptGenRandom() is always used.

  • On other platforms, arc4random_buf() will be used if available (established on BSD series or systems with libbsd)

  • If none of the above is true, a Linux system call getrandom(2) will be used.

  • If not, /dev/urandom will be used as the last available tool

  • If none of the above works, the system will throw an error

##4. A simple test

A good random number generation system ensures appropriate generation "quality". To check this quality, a series of statistical tests are usually performed. Without delving into complex statistics topics, comparing a known behavior to the results of a number generator can help with quality assessment.

A simple test is the dice game. Assume that the probability of rolling a dice once to get a result of 6 is 1/6, then if I roll 3 dice at the same time 100 times, the result will be roughly as follows:

0 6 = 57.9 times

1 6 = 34.7 times

2 6s = 6.9 times
3 6s = 0.5 times
The following is the code to implement rolling dice 1,000,000 times:

$times = 1000000;
$result = [];
for ($i=0; $i<$times; $i++){
  $dieRoll = array(6 => 0); //initializes just the six counting to zero
  $dieRoll[roll()] += 1; //first die
  $dieRoll[roll()] += 1; //second die
  $dieRoll[roll()] += 1; //third die
  $result[$dieRoll[6]] += 1; //counts the sixes
}
function roll(){
  return random_int(1,6);
}
var_dump($result);
Copy after login


Using PHP7's random_int and simple rand function may get the following results

If you see rand and random_int first, more For a good comparison we can apply a formula and plot the results on a graph. The formula is: (php result-expected result)/expected result raised to the 0.5 power.

The result graph is as follows:

(values ​​close to 0 are better)

Although the results of 3 6's do not perform well, and This test is too simple for practical applications. We can still see that random_int performs better than rand.

Furthermore, the security level of our application is due to the unpredictability and repeatable behavior of the random number generator. promote.

Summary: The above is the entire content of this article, I hope it will be helpful to everyone's study.

Related recommendations:

Execution Cycle Example Analysis of PHP Principles


##Detailed explanation of PHP source code directory structure and function description


##PHP modular installation detailed step-by-step tutorial



##

The above is the detailed content of CSPRNG function in PHP. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template