What is the best way to create a random hash/string?

php session hash md5
Eric Gates picture Eric Gates · Feb 19, 2010 · Viewed 92k times · Source

What is the best way of generating a hash for the purpose of storing a session? I am looking for a lightweight, portable solution.

Answer

Gajus picture Gajus · Mar 12, 2014 
bin2hex(mcrypt_create_iv(22, MCRYPT_DEV_URANDOM));
  1. mcrypt_create_iv will give you a random sequence of bytes.
  2. bin2hex will convert it to ASCII text

Example output:

d2c63a605ae27c13e43e26fe2c97a36c4556846dd3ef

Bare in mind that "best" is a relative term. You have a tradeoff to make between security, uniqueness and speed. The above example is good for 99% of the cases, though if you are dealing with a particularly sensitive data, you might want to read about the difference between MCRYPT_DEV_URANDOM and MCRYPT_DEV_RANDOM.

Finally, there is a RandomLib "for generating random numbers and strings of various strengths".

Notice that so far I have assumed that you are looking to generate a random string, which is not the same as deriving a hash from a value. For the latter, refer to password_hash.

Related questions

How do I expire a PHP session after 30 minutes?

I need to keep a session alive for 30 minutes and then destroy it.

Read More
PHP Pass variable to next page

It seems pretty simple but I can't find a good way to do it. Say in the first page I create a variable $myVariable = "Some text"; And the form's action for that page is "Page2.php". So in Page2.php, …

Read More
"Cannot send session cache limiter - headers already sent"

Having a problem with sessions which is becoming very annoying. Every time I try to start a session on a particular page I get the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already …

Read More