With all these potential different ways to get some pseudo random data it would be hard to do this in native PHP. Now we could do this in C and implement all the code ourselves but why risk implementing our own random functions and potentially making a mistake? The answer is OpenSSL, we already have an OpenSSL module and obviously they have some random functionality built in for when you go to generate SSL certificates.

You can make a call to the openssl_random_pseudo_bytes (in PHP 5.3) to grab the number of bytes you need and pass in a "strong" value to get a more cryptographically secure value.