在 PHP 中生成随机密钥的最佳方法是什么? [英] What is the best way to generate a random key within PHP?

问题描述

我希望创建一个可重复使用的函数，该函数将生成一个随机密钥，该密钥具有选定长度的可打印 ACSII 字符(从 2 到 1000+ 的任意位置).我认为可打印的 ASCII 字符是 33-126.它们的密钥不需要完全唯一，只要在完全相同的毫秒内生成就可以是唯一的(因此 uniqid() 将不起作用).

I'm looking to create a reusable function that will generate a random key with printable ACSII characters of chosen length (anywhere from 2 to 1000+). I'm thinking printable ASCII characters would be 33-126. They key does not need to be completely unique, just unique if generated at the exact same millisecond (so uniqid() won't work).

我认为 chr() 和 mt_rand() 的组合可能会起作用.

I'm thinking a combination of chr() and mt_rand() might work.

这是要走的路，还是其他最好的方法?

Is this the way to go, or is something else the best method?

uniqid() 也不会工作，因为它没有长度参数，它只是 PHP 给你的.

uniqid() will also not work because it doesn't have a length parameter, it's just whatever PHP gives you.

我的想法:这就是我的想法:

function GenerateKey($length = 16) {
    $key = '';

    for($i = 0; $i < $length; $i ++) {
        $key .= chr(mt_rand(33, 126));
    }

    return $key;
}

这有什么问题吗?

另一个大多数其他问题都与密码生成有关.我想要更多种类的字符，我不在乎 1 与 l.我想要尽可能多的可能的键.

Another Most of the other questions deal with password generation. I want a wider variety of characters and I don't care about 1 vs l. I want the maximum number of possible keys to be possible.

注意:生成的密钥不一定是加密安全的.

推荐答案

更新 (12/2015):对于 PHP 7.0，您应该使用 random_int() 而不是 mt_rand，因为它提供加密安全值"

Update (12/2015): For PHP 7.0, you should use random_int() instead of mt_rand as it provides "cryptographically secure values"

就个人而言，我喜欢使用 sha1(microtime(true).mt_rand(10000,90000)) 但您正在寻找更多可定制的方法，所以试试这个功能(这是一个修改您对这个答案的要求:

Personally, I like to use sha1(microtime(true).mt_rand(10000,90000)) but you are looking for more of a customizable approach, so try this function (which is a modification to your request of this answer):

function rand_char($length) {
  $random = '';
  for ($i = 0; $i < $length; $i++) {
    $random .= chr(mt_rand(33, 126));
  }
  return $random;
}

不过，这可能会比 uniqid()、md5() 或 sha1() 慢得多.

Still, this will probably be significantly slower than uniqid(), md5(), or sha1().

抱歉，您似乎是第一个知道的.:D

Looks like you got to it first, sorry. :D

编辑 2:我决定用 PHP 5 和 eAccelerator 在我的 Debian 机器上做一个不错的小测试(原谅长代码):

Edit 2: I decided to do a nice little test on my Debian machine with PHP 5 and eAccelerator (excuse the long code):

function rand_char($length) {
  $random = '';
  for ($i = 0; $i < $length; $i++) {
    $random .= chr(mt_rand(33, 126));
  }
  return $random;
}

function rand_sha1($length) {
  $max = ceil($length / 40);
  $random = '';
  for ($i = 0; $i < $max; $i ++) {
    $random .= sha1(microtime(true).mt_rand(10000,90000));
  }
  return substr($random, 0, $length);
}

function rand_md5($length) {
  $max = ceil($length / 32);
  $random = '';
  for ($i = 0; $i < $max; $i ++) {
    $random .= md5(microtime(true).mt_rand(10000,90000));
  }
  return substr($random, 0, $length);
}

$a = microtime(true);
for ($x = 0; $x < 1000; $x++)
  $temp = rand_char(1000);

echo "Rand:	".(microtime(true) - $a)."
";

$a = microtime(true);
for ($x = 0; $x < 1000; $x++)
  $temp = rand_sha1(1000);

echo "SHA-1:	".(microtime(true) - $a)."
";

$a = microtime(true);
for ($x = 0; $x < 1000; $x++)
  $temp = rand_md5(1000);

echo "MD5:	".(microtime(true) - $a)."
";

结果:

Rand:   2.09621596336
SHA-1:  0.611464977264
MD5:    0.618473052979

所以我的建议是，如果您想要速度(但不是完整字符集)，请坚持使用 MD5、SHA-1 或 Uniqid(我还没有测试......)

So my suggestion, if you want speed (but not full charset), is to stick to MD5, SHA-1, or Uniqid (which I didn't test.. yet)

这篇关于在 PHP 中生成随机密钥的最佳方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！