What is the best way to create a random hash/string?

Eric Gates picture Eric Gates · Feb 19, 2010 · Viewed 92k times · Source

What is the best way of generating a hash for the purpose of storing a session? I am looking for a lightweight, portable solution.

Answer

Gajus picture Gajus · Mar 12, 2014
bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
  1. mcrypt_create_iv will give you a random sequence of bytes.
  2. bin2hex will convert it to ASCII text

Example output:

d2c63a605ae27c13e43e26fe2c97a36c4556846dd3ef

Bare in mind that "best" is a relative term. You have a tradeoff to make between security, uniqueness and speed. The above example is good for 99% of the cases, though if you are dealing with a particularly sensitive data, you might want to read about the difference between MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM.

Finally, there is a RandomLib "for generating random numbers and strings of various strengths".

Notice that so far I have assumed that you are looking to generate a random string, which is not the same as deriving a hash from a value. For the latter, refer to password_hash.