You can use PHP's built-in hashing functions, sha1and md5. Choose one, not both.

您可以使用 PHP 的内置散列函数，sha1并且md5. 选择一个，而不是两个。

One may think that using both, sha1(md5($pass))would be a solution. Using both does not make your password more secure, its causes redundant data and does not make much sense.

人们可能认为同时使用两者sha1(md5($pass))是一种解决方案。使用两者不会使您的密码更安全，它会导致冗余数据并且没有多大意义。

Take a look at PHP Security Consortium: Password Hashingthey give a good article with weaknesses and improving security with hashing.

看看PHP Security Consortium: Password Hashing他们提供了一篇很好的文章，其中包含弱点并通过散列提高安全性。

Nonce stands for "numbers used once". They are used on requests to prevent unauthorized access, they send a secretkey and check the key each time your code is used.

随机数代表“ ñ使用umbers一次”。它们用于请求以防止未经授权的访问，它们发送一个秘密密钥并在每次使用您的代码时检查密钥。

You can check out more at PHP NONCE Library from FullThrottle Development

您可以在FullThrottle Development 的 PHP NONCE 库中查看更多信息

bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));

1. mcrypt_create_ivwill give you a random sequence of bytes.
2. bin2hexwill convert it to ASCII text

1. mcrypt_create_iv会给你一个随机的字节序列。
2. bin2hex将其转换为 ASCII 文本

Example output:

示例输出：

d2c63a605ae27c13e43e26fe2c97a36c4556846dd3ef

Bare in mind that "best" is a relative term. You have a tradeoff to make between security, uniqueness and speed. The above example is good for 99% of the cases, though if you are dealing with a particularly sensitive data, you might want to read about the difference between MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM.

请记住，“最佳”是一个相对术语。您需要在安全性、唯一性和速度之间做出权衡。上面的示例适用于 99% 的情况，但如果您正在处理特别敏感的数据，您可能需要阅读MCRYPT_DEV_URANDOM 和 MCRYPT_DEV_RANDOM 之间的区别。

Finally, there is a RandomLib"for generating random numbers and strings of various strengths".

最后，还有一个RandomLib“用于生成各种强度的随机数和字符串”。

Notice that so far I have assumed that you are looking to generate a random string, which is not the same as deriving a hashfrom a value. For the latter, refer to password_hash.

请注意，到目前为止，我已经假设您希望生成一个随机 string，这与从值派生哈希不同。对于后者，请参阅password_hash。

random_bytes()is available as of PHP 7.0 (or use this polyfill for 5.2 through 5.6):

random_bytes()从 PHP 7.0 开始可用（或者在 5.2 到 5.6 中使用这个 polyfill）：

$hash = bin2hex(random_bytes(16));
echo serialize($hash);

Output:

输出：

s:32:"c8b2ca837488ff779753f374545b603c";

s:32:"c8b2ca837488ff779753f374545b603c";

Maybe uniqid() is what you need?

也许 uniqid() 是你需要的？

uniqid — Generate a unique ID

uniqid — 生成唯一 ID

You can use openssl_random_pseudo_bytessince php 5.3.0 to generate a pseudo random string of bytes. You can use this function and convert it in some way to string using one of these methods:

从 php 5.3.0 开始，您可以使用openssl_random_pseudo_bytes来生成伪随机字节串。您可以使用此函数并使用以下方法之一以某种方式将其转换为字符串：

$bytes = openssl_random_pseudo_bytes(32);
$hash = base64_encode($bytes);

or

或者

$bytes = openssl_random_pseudo_bytes(32);
$hash = bin2hex($bytes);

The first one will generate the shortest string, with numbers, lowercase, uppercase and some special characters (=, +, /). The second alternative will generate hexadecimal numbers (0-9, a-f)

第一个将生成最短的字符串，包含数字、小写、大写和一些特殊字符（=、+、/）。第二种选择将生成十六进制数 (0-9, af)

Use random_bytes()if it's available!

使用random_bytes()如果它是可用的！

$length = 32;

$length = 32;

if (function_exists("random_bytes")) {
    $bytes = random_bytes(ceil($length / 2));
    $token = substr(bin2hex($bytes), 0, $length)
}

Check it on php.net

在 php.net 上检查

I generally dont manually manage session ids. Ive seen something along these lines recommended for mixing things up a bit before, ive never used myself so i cant attest to it being any better or worse than the default (Note this is for use with autogen not with manual management).

我通常不手动管理会话 ID。我以前看过一些建议将这些东西混合在一起的东西，我从来没有用过自己，所以我无法证明它比默认设置更好或更差（请注意，这是用于 autogen 而不是手动管理）。

//md5 "emulation" using sha1
ini_set('session.hash_function', 1);
ini_set('session.hash_bits_per_character', 5);

I personally use apache's mod_unique_idto generate a random unique number to store my sessions. It's really easy to use (if you use apache).

我个人使用 apache 的mod_unique_id生成一个随机的唯一编号来存储我的会话。它真的很容易使用（如果你使用 apache）。

For nonce take a look here http://en.wikipedia.org/wiki/Cryptographic_noncethere's even a link to a PHP library.

对于 nonce，请查看这里http://en.wikipedia.org/wiki/Cryptographic_nonce，甚至还有一个指向 PHP 库的链接。

Different people will have different bestways. But this is my way:

不同的人会有不同的best方式。但这是我的方式：

1. Download this rand-hash.phpfile : http://bit.ly/random-string-generator
2. include()it in the php script that you are working with. Then, simply call cc_rand()function. By default it will return a 6 characters long random string that may include a-z, A-Z,and 0-9. You can pass lengthto specify how many characters cc_rand()should return.

1. 下载此rand-hash.php文件：http: //bit.ly/random-string-generator
2. include()它在您正在使用的 php 脚本中。然后，简单地调用 cc_rand()函数。默认情况下，它将返回一个 6 个字符长的随机字符串，其中可能包含a-z, A-Z,和0-9。您可以通过 length来指定cc_rand()应该返回多少个字符。

Example:

例子：

1. cc_rand()will return something like: 4M8iro

2. cc_rand(15)will return something similar to this: S4cDK0L34hRIqAS

1. cc_rand()将返回如下内容： 4M8iro

2. cc_rand(15)将返回与此类似的内容： S4cDK0L34hRIqAS

Cheers!

干杯!