string Laravel str_random() 还是自定义函数?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23015874/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel str_random() or custom function?
提问by Mike
Is the Laravel str_random() function random enough so that I can use it for IDs?
Laravel str_random() 函数是否足够随机,以便我可以将其用于 ID?
For example:
例如:
str_random(32);
This produces a random string of length 32 made up of alphanumeric characters [a-zA-z0-9] (62 characters in total).
这会产生一个长度为 32 的随机字符串,由字母数字字符 [a-zA-z0-9](总共 62 个字符)组成。
Which equates to 2272657884496751345355241563627544170162852933518655225856 possibilities.
这相当于 2272657884496751345355241563627544170162852933518655225856 种可能性。
However, my question is, is this going to be good enough? Or should I consider using UUIDs or another custom function.
但是,我的问题是,这是否足够好?或者我应该考虑使用 UUID 或其他自定义函数。
回答by Antonio Carlos Ribeiro
str_random
(Str::random()
) tries to use openssl_random_pseudo_bytes
which is a pseudo random number generator optimized for cryptography, not uniqueness. If openssl_random_pseudo_bytes
is not available, it falls back to quickRandom()
:
str_random
( Str::random()
) 尝试使用openssl_random_pseudo_bytes
哪个是针对密码术优化的伪随机数生成器,而不是唯一性。如果openssl_random_pseudo_bytes
不可用,则回退到quickRandom()
:
public static function quickRandom($length = 16)
{
$pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
return substr(str_shuffle(str_repeat($pool, 5)), 0, $length);
}
In my opinion quickRandom
code is notreliable for uniqueness nor cryptography.
在我看来,quickRandom
代码的唯一性和密码学都不可靠。
Yes, having openssl_random_pseudo_bytes
and using 32 bytes is almost impossible to see a collision, but it's still possible. If you want to make sure your strings/numbers will be unique (99.99%), you better use a UUID function. This is what I normally use:
是的,拥有openssl_random_pseudo_bytes
和使用 32 个字节几乎不可能看到冲突,但它仍然是可能的。如果您想确保您的字符串/数字是唯一的 (99.99%),您最好使用 UUID 函数。这是我通常使用的:
/**
*
* Generate v4 UUID
*
* Version 4 UUIDs are pseudo-random.
*/
public static function v4()
{
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
// 32 bits for "time_low"
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
// 16 bits for "time_mid"
mt_rand(0, 0xffff),
// 16 bits for "time_hi_and_version",
// four most significant bits holds version number 4
mt_rand(0, 0x0fff) | 0x4000,
// 16 bits, 8 bits for "clk_seq_hi_res",
// 8 bits for "clk_seq_low",
// two most significant bits holds zero and one for variant DCE1.1
mt_rand(0, 0x3fff) | 0x8000,
// 48 bits for "node"
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
);
}
It generates a VALID RFC 4211 COMPLIANT version 4 UUID.
它生成一个 VALID RFC 4211 COMPLIANT version 4 UUID。
Check this: http://en.wikipedia.org/wiki/UUID#Random%5FUUID%5Fprobability%5Fof%5Fduplicates
检查这个:http: //en.wikipedia.org/wiki/UUID#Random%5FUUID%5Fprobability%5Fof%5Fduplicates
回答by hashem sheikhypour
you can use this
你可以用这个
use Illuminate\Support\Str;
$random = Str::random(40);