Re: Random string generation (á la password_make_salt)

From: Date: Mon, 16 Jul 2012 13:58:26 +0000
Subject: Re: Random string generation (á la password_make_salt)
References: 1  Groups: php.internals 
This sounds very useful. To make it easier to use, why not also add
some string constants, something like CHARS_HEX, CHARS_BASE64,
CHARS_DECIMAL, etc? Then you could just do `random_string(24,
CHARS_HEX);` to get a 24-char hex string.

On 16 July 2012 14:54, Nikita Popov <[email protected]> wrote:
> Hi all,
>
> I just want to throw a quick thought in here:
>
> The password API proposal includes a function called
> password_make_salt(), that basically creates a random string, either
> in raw binary form, or in the bcrypt salt format. Personally I don't
> see much use for the function in the salt context as the password API
> already generates the salt all by itself, but I do see a lot of use
> for a random string function in general. People commonly want to
> create random strings according to some format. Like CSRF tokens, ids,
> etc.
>
> So my thought was to drop password_make_salt() and instead add some
> kind of generalized random_string() function:
>
>     // this is a 20 byte random binary string
>     $str = random_string(20);
>
>     // ten random hex characters
>     $str = random_string(10, "0123456789ABCDEF");
>
>     // 15 characters from the bcrypt alphabet 0-9a-zA-Z./
>     $str = random_string(15, "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ./");
>
>     // if it's not too hard to implement, one could support this kind of shortcut:
>     $str = random_string(15, "0-9a-zA-Z./");
>
> Thoughts?
>
> Nikita

-- 
Andrew Faulds (AJF)
http://ajf.me/
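
A sketch of the `random_string()` idea discussed in this thread, added as an example; it is not code from the thread or from PHP itself. It assumes PHP 7.1 or later for `random_bytes()`, `random_int()` and nullable types, and `expand_charset()` and `CHARS_BCRYPT` are hypothetical names introduced here.

```php
<?php
const CHARS_HEX    = '0123456789abcdef';
const CHARS_BCRYPT = '0-9a-zA-Z./';   // range shortcut from the quoted proposal
// Hypothetical helper: expand "a-z" style ranges and drop duplicates,
// since a repeated character would be drawn more often than the others.
function expand_charset(string $spec): string
{
    $seen = [];
    $n = strlen($spec);
    for ($i = 0; $i < $n; $i++) {
        if ($i + 2 < $n && $spec[$i + 1] === '-') {
            $lo = ord($spec[$i]);
            $hi = ord($spec[$i + 2]);
            if ($lo > $hi) {
                throw new InvalidArgumentException('reversed range in charset');
            }
            for ($c = $lo; $c <= $hi; $c++) {
                $seen[chr($c)] = true;
            }
            $i += 2;
        } else {
            $seen[$spec[$i]] = true;   // a leading or trailing '-' stays literal
        }
    }
    return implode('', array_keys($seen));
}

function random_string(int $length, ?string $charset = null): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be at least 1');
    }
    if ($charset === null) {
        return random_bytes($length);   // raw binary, as in random_string(20)
    }
    $alphabet = expand_charset($charset);
    $max = strlen($alphabet) - 1;
    if ($max < 1) {
        throw new InvalidArgumentException('charset needs at least 2 distinct characters');
    }
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is CSPRNG-backed and uniform over [0, $max]; indexing with
        // ord(random_bytes(1)) % 64 works for 64 symbols but is biased for, say, 10.
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}
echo random_string(24, CHARS_HEX), PHP_EOL, random_string(15, CHARS_BCRYPT), PHP_EOL;
```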

