Laravel str_random()还是自定义函数? [英] Laravel str_random() or custom function?
问题描述
例如:
str_random(32);
这会产生一个由字母数字字符[a-zA-z0-9 ](共62个字符)。
这等同于2272657884496751345355241563627544170162852933518655225856的可能性。
然而,我的问题是,这是否足够好?或者我应该考虑使用UUID或其他自定义函数。 Str :: random()
)尝试使用 openssl_random_pseudo_bytes
这是一个伪随机数生成器,独特之处。如果 openssl_random_pseudo_bytes
不可用,它将回落到 quickRandom()
:
public static function quickRandom($ length = 16)
{
$ pool ='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
return substr(str_shuffle(str_repeat($ pool,5)),0,$ length);
}
在我看来 quickRandom
代码在唯一性和加密方面不可靠。
是的,有 openssl_random_pseudo_bytes
和使用32字节几乎不可能看到碰撞,但它仍然是可能的。如果你想确保你的字符串/数字是唯一的(99.99%),你最好使用UUID函数。这是我通常使用的:
/ **
*
*生成v4 UUID
*
*版本4 UUID是伪随机的。
* /
public static function v4()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x' ,
// 32位为time_low
mt_rand(0,0xffff),mt_rand(0,0xffff),
// 16位为time_mid
mt_rand(0,0xffff),
// 16位为time_hi_and_version,
//四个最高有效位保存版本号4
mt_rand(0 ,0x4000,
// 16位,clk_seq_hi_res8位,
//clk_seq_low8位,
//两个最高有效位零和一个用于变体DCE1.1
mt_rand(0,0x3fff)| 0x8000,
// 48位用于节点
mt_rand(0,0xffff),mt_rand 0,0xffff),mt_rand(0,0xffff)
);
}
它生成一个有效的RFC 4211 COMPLIANT版本4 UUID。
选中此项: http: //en.wikipedia.org/wiki/UUID#Random%5FUUID%5Fprobability%5Fof%5Fduplicates
Is the Laravel str_random() function random enough so that I can use it for IDs?
For example:
str_random(32);
This produces a random string of length 32 made up of alphanumeric characters [a-zA-z0-9] (62 characters in total).
Which equates to 2272657884496751345355241563627544170162852933518655225856 possibilities.
However, my question is, is this going to be good enough? Or should I consider using UUIDs or another custom function.
str_random
(Str::random()
) tries to use openssl_random_pseudo_bytes
which is a pseudo random number generator optimized for cryptography, not uniqueness. If openssl_random_pseudo_bytes
is not available, it falls back to quickRandom()
:
public static function quickRandom($length = 16)
{
$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
return substr(str_shuffle(str_repeat($pool, 5)), 0, $length);
}
In my opinion quickRandom
code is not reliable for uniqueness nor cryptography.
Yes, having openssl_random_pseudo_bytes
and using 32 bytes is almost impossible to see a collision, but it's still possible. If you want to make sure your strings/numbers will be unique (99.99%), you better use a UUID function. This is what I normally use:
/**
*
* Generate v4 UUID
*
* Version 4 UUIDs are pseudo-random.
*/
public static function v4()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
It generates a VALID RFC 4211 COMPLIANT version 4 UUID.
Check this: http://en.wikipedia.org/wiki/UUID#Random%5FUUID%5Fprobability%5Fof%5Fduplicates
这篇关于Laravel str_random()还是自定义函数?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!