Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Scott MacVicar's Blog:
Accessing pseudo random data with PHP
Dec 15, 2008 @ 10:24:17

To help alleviate some recent complaints about the pseudo-random nature of the random functions in PHP, Scott MacVicar has proposed an alternate solution:

With all these potential different ways to get some pseudo random data it would be hard to do this in native PHP. Now we could do this in C and implement all the code ourselves but why risk implementing our own random functions and potentially making a mistake? The answer is OpenSSL, we already have an OpenSSL module and obviously they have some random functionality built in for when you go to generate SSL certificates.

You can make a call to the openssl_random_pseudo_bytes (in PHP 5.3) to grab the number of bytes you need and pass in a "strong" value to get a more cryptographically secure value.

tagged: random string data openssl pseudo bytes php5