Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:61303 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 99325 invoked from network); 16 Jul 2012 13:58:49 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Jul 2012 13:58:49 -0000 Authentication-Results: pb1.pair.com header.from=ajfweb@googlemail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ajfweb@googlemail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 74.125.82.170 as permitted sender) X-PHP-List-Original-Sender: ajfweb@googlemail.com X-Host-Fingerprint: 74.125.82.170 mail-we0-f170.google.com Received: from [74.125.82.170] ([74.125.82.170:60638] helo=mail-we0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E6/C4-11081-81E14005 for ; Mon, 16 Jul 2012 09:58:49 -0400 Received: by weyr1 with SMTP id r1so4379268wey.29 for ; Mon, 16 Jul 2012 06:58:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=6FBC0cwVhl6Cj3+bJC5TiyPb4xmEGLa5xonbP7aLoB8=; b=Jk0T1gXEc/+TxHowEfxI3v3g7fJJKq/0XfBIHmB307Az9iYIDPUBMJt2WzNNmjEjir t7CnyJ8662gRDRqr0DwwOP82zkHqx6jV6AFq0lhJfkrismOSlyjpLq50TSh6zwMXOQzQ bm4K9HFUqMBarIegggqIygthEbadWmDQcP4MGbknbtzZ427Bt8Kl+S4CicpoNwY1FNnP i7u7+2ETncoXIJo5aYTdgm7eEfGUZ0YuUHMS/uUxogPAY4+DLkY3xyXu6kpYsrPBMixk 9imtpQbqoUXC9H6AHKQ3kel4MbQS5SA3dm64csajfj6I5EgYqrxvD+5P+NcmxlKc1jMe 7K5Q== Received: by 10.180.96.3 with SMTP id do3mr18499960wib.5.1342447126477; Mon, 16 Jul 2012 06:58:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.71.199 with HTTP; Mon, 16 Jul 2012 06:58:26 -0700 (PDT) In-Reply-To: References: Date: Mon, 16 Jul 2012 14:58:26 +0100 Message-ID: To: Nikita Popov Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Subject: =?UTF-8?Q?Re=3A_=5BPHP=2DDEV=5D_Random_string_generation_=28=C3=A1_la_passwo?= =?UTF-8?Q?rd=5Fmake=5Fsalt=29?= From: ajfweb@googlemail.com (Andrew Faulds) This sounds very useful. To make it easier to use, why not also add some string constants, something like CHARS_HEX, CHARS_BASE64, CHARS_DECIMAL, etc? Then you could just do `random_string(24, CHARS_HEX);` to get a 24-char hex string. On 16 July 2012 14:54, Nikita Popov wrote: > Hi all, > > I just want to throw a quick thought in here: > > The password API proposal includes a function called > password_make_salt(), that basically creates a random string, either > in raw binary form, or in the bcrypt salt format. Personally I don't > see much use for the function in the salt context as the password API > already generates the salt all by itself, but I do see a lot of use > for a random string function in general. People commonly want to > create random strings according to some format. Like CSRF tokens, ids, > etc. > > So my thought was to drop password_make_salt() and instead add some > kind of generalized random_string() function: > > // this is a 20 byte random binary string > $str = random_string(20); > > // ten random hex characters > $str = random_string(10, "0123456789ABCDEF"); > > // 15 characters from the bcrypt alphabet 0-9a-zA-Z./ > $str = random_string(15, > "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./"); > > // if it's not too hard to implement, one could support this kind > of shortcut: > $str = random_string(15, "0-9a-zA-Z./"); > > Thoughts? > > Nikita > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > -- Andrew Faulds (AJF) http://ajf.me/