Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:88660
Return-Path: <ajf@ajf.me>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 67248 invoked from network); 4 Oct 2015 10:29:09 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Oct 2015 10:29:09 -0000
X-Host-Fingerprint: 109.111.195.162 unknown  
Received: from [109.111.195.162] ([109.111.195.162:20330] helo=localhost.localdomain)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 62/E5-31315-37FF0165 for <internals@lists.php.net>; Sun, 04 Oct 2015 06:29:08 -0400
Message-ID: <62.E5.31315.37FF0165@pb1.pair.com>
To: internals@lists.php.net
References: <CAKws9z3PBidEXQOZokomG-Y6GbfuefoTF=mXohJqZL=7w1xtGA@mail.gmail.com>
Date: Sun, 4 Oct 2015 11:29:05 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0)
 Gecko/20100101 Firefox/38.0 SeaMonkey/2.35
MIME-Version: 1.0
In-Reply-To: <CAKws9z3PBidEXQOZokomG-Y6GbfuefoTF=mXohJqZL=7w1xtGA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Posted-By: 109.111.195.162
Subject: Re: PHP 7.1 - should we add a random_str() function?
From: ajf@ajf.me (Andrea Faulds)

Hey Scott,

Scott Arciszewski wrote:
> This is probably answerable by a quick yes/no and shouldn't need a ton
> of bikeshedding, but if that happens anyway I apologize in advance.
>
> I think random_bytes() and random_int() are great; they provide a
> much-needed building block in PHP 7.0. However, I do worry a bit that
> the most common use for random_int() (generating a random string of a
> fixed length with a given character set) will be reinvented over and
> over again, and rarely consistently.
>
> I would propose a random_str() function that behaves similar to this
> userland snippet: http://stackoverflow.com/a/32870871/2224584

Generating random strings of characters is difficult, yeah, so this 
seems useful. But I do wonder if this function is the right approach. 
What if you have some other source of bytes and want to also produce a 
sequence of characters matching some format?

What I think might be better is some bytes-to-arbitrary base conversion 
function, one which lets you specify the character set to use. Then you 
could use that with random_bytes(), but also with something else, 
perhaps a public key? This way we don't have to duplicate the same 
functionality somewhere else.

Thanks!

-- 
Andrea Faulds
http://ajf.me/